From sle-updates at lists.suse.com Tue Mar 1 07:51:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 08:51:48 +0100 (CET) Subject: SUSE-CU-2022:238-1: Security update of trento/trento-runner Message-ID: <20220301075148.5C7CAF375@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-runner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:238-1 Container Tags : trento/trento-runner:0.9.0 , trento/trento-runner:0.9.0-rev1.1.0 , trento/trento-runner:0.9.0-rev1.1.0-build3.2.14 , trento/trento-runner:latest Container Release : 3.2.14 Severity : important Type : security References : 1194968 1195054 1195217 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container trento/trento-runner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:471-1 Released: Thu Feb 17 09:58:37 2022 Summary: Recommended update for trento-premium Type: recommended Severity: important References: This update for trento-premium fixes the following issues: - Releasing new sub-package 'trento-premium-installer'. (jsc#MSC-302) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:579-1 Released: Mon Feb 28 11:12:24 2022 Summary: Recommended update for trento-premium Type: recommended Severity: moderate References: This update for trento-premium fixes the following issues: Release 0.9.0 ### Added - Pin specific container image versions in the helm chart values - review values for SUSE infrastructure - Add health summary api endpoint - Homepage UI component - Embed cpu and memory usage dashboards in host detail - Sap system health computation - Attach system replication status badge on secondary node - Add remediation command to the corosync token timeouts checks - Add node exporter state in the frontend - Add prometheus grafana to helm chart - Prometheus HTTP service discovery API - Adds feedback collector - Add connection retry when starting Web and Runner ### Fixed - Web serve command not stopped correctly during database initializaion tries - Links in compressed sidebar don't work - CD process doesn't clean up old node module tgz files - Aligns Overview - Use context correctly during db initialization - Compute attached database health - Fix dump scenario script clean-up command - Push catalog info after the checks - Show all sbd devices - Do not make assumptions about the shape of the payload of checks catalog - Remove mention of Blue Horizon from landing page - Links in compressed sidebar are working again ### Closed Issues - Checks catalog empty - Settings button missing in Pacemaker Clusters details view ### Other Changes - Enable Grafana persistence - Fix health summary api - Fix grafana secret - Fix grafana embedding - Implement cluster heatlh computation projection - refresh zypper repo before installing node exporter - Add Grafana initialization - Run prometheus installation as root - Do not add bitnami charts repo from the installer if it's not needed - Fix dependabot auto-merge workflow - Change trento path in the Dockerfile - Allows Grafana dashboards to be embedded - Add hana cluster details e2e test - E2e test cluster overview - Switch to the SLE BCI images The following package changes have been done: - libexpat1-2.2.5-3.12.1 updated - trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 updated - python3-rpm-4.14.3-150300.46.1 updated From sle-updates at lists.suse.com Tue Mar 1 07:52:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 08:52:21 +0100 (CET) Subject: SUSE-CU-2022:240-1: Security update of trento/trento-web Message-ID: <20220301075221.B94F1F375@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:240-1 Container Tags : trento/trento-web:0.9.0 , trento/trento-web:0.9.0-rev1.0.1 , trento/trento-web:0.9.0-rev1.0.1-build3.2.2 , trento/trento-web:latest Container Release : 3.2.2 Severity : important Type : security References : 1120610 1130496 1181131 1184124 CVE-2018-20482 CVE-2019-9923 CVE-2021-20193 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:471-1 Released: Thu Feb 17 09:58:37 2022 Summary: Recommended update for trento-premium Type: recommended Severity: important References: This update for trento-premium fixes the following issues: - Releasing new sub-package 'trento-premium-installer'. (jsc#MSC-302) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:579-1 Released: Mon Feb 28 11:12:24 2022 Summary: Recommended update for trento-premium Type: recommended Severity: moderate References: This update for trento-premium fixes the following issues: Release 0.9.0 ### Added - Pin specific container image versions in the helm chart values - review values for SUSE infrastructure - Add health summary api endpoint - Homepage UI component - Embed cpu and memory usage dashboards in host detail - Sap system health computation - Attach system replication status badge on secondary node - Add remediation command to the corosync token timeouts checks - Add node exporter state in the frontend - Add prometheus grafana to helm chart - Prometheus HTTP service discovery API - Adds feedback collector - Add connection retry when starting Web and Runner ### Fixed - Web serve command not stopped correctly during database initializaion tries - Links in compressed sidebar don't work - CD process doesn't clean up old node module tgz files - Aligns Overview - Use context correctly during db initialization - Compute attached database health - Fix dump scenario script clean-up command - Push catalog info after the checks - Show all sbd devices - Do not make assumptions about the shape of the payload of checks catalog - Remove mention of Blue Horizon from landing page - Links in compressed sidebar are working again ### Closed Issues - Checks catalog empty - Settings button missing in Pacemaker Clusters details view ### Other Changes - Enable Grafana persistence - Fix health summary api - Fix grafana secret - Fix grafana embedding - Implement cluster heatlh computation projection - refresh zypper repo before installing node exporter - Add Grafana initialization - Run prometheus installation as root - Do not add bitnami charts repo from the installer if it's not needed - Fix dependabot auto-merge workflow - Change trento path in the Dockerfile - Allows Grafana dashboards to be embedded - Add hana cluster details e2e test - E2e test cluster overview - Switch to the SLE BCI images The following package changes have been done: - tar-1.30-3.9.1 added - trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 updated From sle-updates at lists.suse.com Tue Mar 1 11:18:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 12:18:57 +0100 (CET) Subject: SUSE-SU-2022:0615-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) Message-ID: <20220301111857.B7D7AF379@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0615-1 Rating: important References: #1194463 #1195947 Cross-References: CVE-2021-0920 CVE-2022-0516 CVSS scores: CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_49 fixes several issues. The following security issues were fixed: - CVE-2022-0516: Fixed KVM s390 return error on SIDA memop on normal guest (bsc#1195947). - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-605=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-615=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_49-default-2-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_102-default-2-2.1 kernel-livepatch-5_3_18-24_102-default-debuginfo-2-2.1 kernel-livepatch-SLE15-SP2_Update_24-debugsource-2-2.1 References: https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2022-0516.html https://bugzilla.suse.com/1194463 https://bugzilla.suse.com/1195947 From sle-updates at lists.suse.com Tue Mar 1 11:20:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 12:20:19 +0100 (CET) Subject: SUSE-SU-2022:0619-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) Message-ID: <20220301112019.EB1E5F379@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0619-1 Rating: important References: #1194463 #1195307 #1195947 Cross-References: CVE-2021-0920 CVE-2021-22600 CVE-2022-0516 CVSS scores: CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_43 fixes several issues. The following security issues were fixed: - CVE-2022-0516: Fixed KVM s390 return error on SIDA memop on normal guest (bsc#1195947). - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bsc#1195307). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-606=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-607=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-608=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-609=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-610=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-611=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-612=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-613=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-614=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-616=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-617=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-618=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-619=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-620=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-621=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-622=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-623=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-624=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-625=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-626=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-627=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-628=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-3-150300.2.1 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-3-150300.2.1 kernel-livepatch-5_3_18-150300_59_46-default-3-150300.2.1 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-3-150300.2.1 kernel-livepatch-5_3_18-57-default-12-3.1 kernel-livepatch-5_3_18-57-default-debuginfo-12-3.1 kernel-livepatch-5_3_18-59_13-default-10-150300.2.1 kernel-livepatch-5_3_18-59_13-default-debuginfo-10-150300.2.1 kernel-livepatch-5_3_18-59_19-default-8-150300.2.1 kernel-livepatch-5_3_18-59_19-default-debuginfo-8-150300.2.1 kernel-livepatch-5_3_18-59_24-default-6-150300.2.1 kernel-livepatch-5_3_18-59_24-default-debuginfo-6-150300.2.1 kernel-livepatch-5_3_18-59_34-default-5-150300.2.1 kernel-livepatch-5_3_18-59_34-default-debuginfo-5-150300.2.1 kernel-livepatch-5_3_18-59_40-default-4-150300.2.1 kernel-livepatch-5_3_18-59_5-default-10-150300.2.1 kernel-livepatch-5_3_18-59_5-default-debuginfo-10-150300.2.1 kernel-livepatch-SLE15-SP3_Update_0-debugsource-12-3.1 kernel-livepatch-SLE15-SP3_Update_1-debugsource-10-150300.2.1 kernel-livepatch-SLE15-SP3_Update_3-debugsource-10-150300.2.1 kernel-livepatch-SLE15-SP3_Update_5-debugsource-8-150300.2.1 kernel-livepatch-SLE15-SP3_Update_6-debugsource-6-150300.2.1 kernel-livepatch-SLE15-SP3_Update_9-debugsource-5-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-4-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_52-default-15-2.2 kernel-livepatch-5_3_18-24_52-default-debuginfo-15-2.2 kernel-livepatch-5_3_18-24_53_4-default-10-2.1 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-10-2.1 kernel-livepatch-5_3_18-24_61-default-12-2.1 kernel-livepatch-5_3_18-24_61-default-debuginfo-12-2.1 kernel-livepatch-5_3_18-24_64-default-12-2.1 kernel-livepatch-5_3_18-24_64-default-debuginfo-12-2.1 kernel-livepatch-5_3_18-24_67-default-10-2.1 kernel-livepatch-5_3_18-24_67-default-debuginfo-10-2.1 kernel-livepatch-5_3_18-24_70-default-10-2.1 kernel-livepatch-5_3_18-24_70-default-debuginfo-10-2.1 kernel-livepatch-5_3_18-24_75-default-9-2.1 kernel-livepatch-5_3_18-24_75-default-debuginfo-9-2.1 kernel-livepatch-5_3_18-24_78-default-8-2.1 kernel-livepatch-5_3_18-24_78-default-debuginfo-8-2.1 kernel-livepatch-5_3_18-24_83-default-6-2.1 kernel-livepatch-5_3_18-24_83-default-debuginfo-6-2.1 kernel-livepatch-5_3_18-24_86-default-6-2.1 kernel-livepatch-5_3_18-24_86-default-debuginfo-6-2.1 kernel-livepatch-5_3_18-24_93-default-5-2.1 kernel-livepatch-5_3_18-24_93-default-debuginfo-5-2.1 kernel-livepatch-5_3_18-24_96-default-4-2.1 kernel-livepatch-5_3_18-24_96-default-debuginfo-4-2.1 kernel-livepatch-5_3_18-24_99-default-3-2.1 kernel-livepatch-5_3_18-24_99-default-debuginfo-3-2.1 kernel-livepatch-SLE15-SP2_Update_11-debugsource-15-2.2 kernel-livepatch-SLE15-SP2_Update_12-debugsource-12-2.1 kernel-livepatch-SLE15-SP2_Update_13-debugsource-12-2.1 kernel-livepatch-SLE15-SP2_Update_14-debugsource-10-2.1 kernel-livepatch-SLE15-SP2_Update_15-debugsource-10-2.1 kernel-livepatch-SLE15-SP2_Update_16-debugsource-10-2.1 kernel-livepatch-SLE15-SP2_Update_17-debugsource-9-2.1 kernel-livepatch-SLE15-SP2_Update_18-debugsource-8-2.1 kernel-livepatch-SLE15-SP2_Update_19-debugsource-6-2.1 kernel-livepatch-SLE15-SP2_Update_20-debugsource-6-2.1 kernel-livepatch-SLE15-SP2_Update_21-debugsource-5-2.1 kernel-livepatch-SLE15-SP2_Update_22-debugsource-4-2.1 kernel-livepatch-SLE15-SP2_Update_23-debugsource-3-2.1 References: https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-22600.html https://www.suse.com/security/cve/CVE-2022-0516.html https://bugzilla.suse.com/1194463 https://bugzilla.suse.com/1195307 https://bugzilla.suse.com/1195947 From sle-updates at lists.suse.com Tue Mar 1 11:21:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 12:21:23 +0100 (CET) Subject: SUSE-RU-2022:0604-1: Recommended update for rsyslog Message-ID: <20220301112123.EC637F379@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0604-1 Rating: low References: #1194669 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - update config example in remote.conf to match upstream documentation (bsc#1194669) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-604=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-604=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-604=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): rsyslog-8.2106.0-4.22.1 rsyslog-debuginfo-8.2106.0-4.22.1 rsyslog-debugsource-8.2106.0-4.22.1 rsyslog-module-gssapi-8.2106.0-4.22.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.22.1 rsyslog-module-gtls-8.2106.0-4.22.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.22.1 rsyslog-module-mmnormalize-8.2106.0-4.22.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.22.1 rsyslog-module-mysql-8.2106.0-4.22.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.22.1 rsyslog-module-pgsql-8.2106.0-4.22.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.22.1 rsyslog-module-relp-8.2106.0-4.22.1 rsyslog-module-relp-debuginfo-8.2106.0-4.22.1 rsyslog-module-snmp-8.2106.0-4.22.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.22.1 rsyslog-module-udpspoof-8.2106.0-4.22.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.22.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.2106.0-4.22.1 rsyslog-debugsource-8.2106.0-4.22.1 rsyslog-module-gssapi-8.2106.0-4.22.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.22.1 rsyslog-module-gtls-8.2106.0-4.22.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.22.1 rsyslog-module-mmnormalize-8.2106.0-4.22.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.22.1 rsyslog-module-mysql-8.2106.0-4.22.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.22.1 rsyslog-module-pgsql-8.2106.0-4.22.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.22.1 rsyslog-module-relp-8.2106.0-4.22.1 rsyslog-module-relp-debuginfo-8.2106.0-4.22.1 rsyslog-module-snmp-8.2106.0-4.22.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.22.1 rsyslog-module-udpspoof-8.2106.0-4.22.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-4.22.1 rsyslog-debuginfo-8.2106.0-4.22.1 rsyslog-debugsource-8.2106.0-4.22.1 References: https://bugzilla.suse.com/1194669 From sle-updates at lists.suse.com Tue Mar 1 11:22:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 12:22:09 +0100 (CET) Subject: SUSE-SU-2022:0647-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) Message-ID: <20220301112209.9E4ABF379@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0647-1 Rating: important References: #1194463 Cross-References: CVE-2021-0920 CVSS scores: CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-122_103 fixes one issue. The following security issue was fixed: - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-629=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-630=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-631=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-632=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-633=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-634=1 SUSE-SLE-Live-Patching-12-SP5-2022-635=1 SUSE-SLE-Live-Patching-12-SP5-2022-636=1 SUSE-SLE-Live-Patching-12-SP5-2022-637=1 SUSE-SLE-Live-Patching-12-SP5-2022-638=1 SUSE-SLE-Live-Patching-12-SP5-2022-639=1 SUSE-SLE-Live-Patching-12-SP5-2022-640=1 SUSE-SLE-Live-Patching-12-SP5-2022-641=1 SUSE-SLE-Live-Patching-12-SP5-2022-642=1 SUSE-SLE-Live-Patching-12-SP5-2022-643=1 SUSE-SLE-Live-Patching-12-SP5-2022-644=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-645=1 SUSE-SLE-Live-Patching-12-SP4-2022-646=1 SUSE-SLE-Live-Patching-12-SP4-2022-647=1 SUSE-SLE-Live-Patching-12-SP4-2022-648=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_102-default-4-2.1 kernel-livepatch-4_12_14-197_86-default-15-2.2 kernel-livepatch-4_12_14-197_89-default-12-2.1 kernel-livepatch-4_12_14-197_92-default-11-2.1 kernel-livepatch-4_12_14-197_99-default-9-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-4-2.1 kgraft-patch-4_12_14-122_63-default-15-2.2 kgraft-patch-4_12_14-122_66-default-13-2.1 kgraft-patch-4_12_14-122_71-default-12-2.1 kgraft-patch-4_12_14-122_74-default-10-2.1 kgraft-patch-4_12_14-122_77-default-10-2.1 kgraft-patch-4_12_14-122_80-default-9-2.1 kgraft-patch-4_12_14-122_83-default-8-2.1 kgraft-patch-4_12_14-122_88-default-6-2.1 kgraft-patch-4_12_14-122_91-default-6-2.1 kgraft-patch-4_12_14-122_98-default-4-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_71-default-15-2.2 kgraft-patch-4_12_14-95_74-default-12-2.1 kgraft-patch-4_12_14-95_80-default-9-2.1 kgraft-patch-4_12_14-95_83-default-4-2.1 References: https://www.suse.com/security/cve/CVE-2021-0920.html https://bugzilla.suse.com/1194463 From sle-updates at lists.suse.com Tue Mar 1 17:19:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 18:19:06 +0100 (CET) Subject: SUSE-RU-2022:0651-1: important: Recommended update for crmsh Message-ID: <20220301171906.DDA5CF375@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0651-1 Rating: important References: #1194026 #1194615 #1194870 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix SBD not to overwrite SYSCONFIG_SBD and sbd-disk-metadata if input is 'n' during the configuration (bsc#1194870) - Fix help output of `crm cluster crash_test -h` (bsc#1194615) - Fix information message when the user need to change login shell (bsc#1194026) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-651=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-651=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (noarch): crmsh-4.3.1+20220208.73603501-5.74.1 crmsh-scripts-4.3.1+20220208.73603501-5.74.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.3.1+20220208.73603501-5.74.1 crmsh-scripts-4.3.1+20220208.73603501-5.74.1 References: https://bugzilla.suse.com/1194026 https://bugzilla.suse.com/1194615 https://bugzilla.suse.com/1194870 From sle-updates at lists.suse.com Tue Mar 1 17:19:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 18:19:47 +0100 (CET) Subject: SUSE-RU-2022:0652-1: moderate: Recommended update for raspberrypi-eeprom Message-ID: <20220301171947.CA9C6F375@maintenance.suse.de> SUSE Recommended Update: Recommended update for raspberrypi-eeprom ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0652-1 Rating: moderate References: #1194950 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for raspberrypi-eeprom fixes the following issues: Update to version 2021.04.29 (bsc#1194950) - Use upstream version schema (year.month.day) instead of arbitrary 0.0 - Add support for NVMe to the bootloader with a new NVMe boot mode - Add support for [cm4] and [pi400] config conditionals filters - TFTP - reply to duplicate ACKS - Skip rendering of HDMI diagnostics display for the first 8 seconds unless an error occurs - Add support for the BCM2711 XHCI controller - BOOT_ORDER 0x5 - Add XHCI protocol layer fixes for non-VLI controllers - Avoid USB MSD timeout of there is only one device - Fix recovery.bin error handler so that the LED error pattern is still displayed even if HDMI or SDRAM fail - Fix GPIO expander reset issue on some Pi4B 1.1 to 1.3 boards - Fix regression for GPIO expander reset change which caused PMIC reset to get card out of 1V8 mode to be missed - Timeout USB MSD commands and move to the next boot mode if a device stops responding - Add support for booting from the BCM2711 XHCI controller which is the USB-C socket on Pi 4B / Pi 400 and the type A sockets on Compute Module 4 IO board - Validate SDRAM in recovery mode Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-652=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): raspberrypi-eeprom-2021.04.29-150300.3.3.1 raspberrypi-eeprom-firmware-2021.04.29-150300.3.3.1 References: https://bugzilla.suse.com/1194950 From sle-updates at lists.suse.com Tue Mar 1 20:19:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 21:19:20 +0100 (CET) Subject: SUSE-SU-2022:0653-1: important: Security update for cyrus-sasl Message-ID: <20220301201920.D468EF375@maintenance.suse.de> SUSE Security Update: Security update for cyrus-sasl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0653-1 Rating: important References: #1196036 Cross-References: CVE-2022-24407 CVSS scores: CVE-2022-24407 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-653=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-653=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-653=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-653=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-653=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-653=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-653=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): cyrus-sasl-2.1.26-8.17.1 cyrus-sasl-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-2.1.26-8.17.1 cyrus-sasl-crammd5-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debuginfo-2.1.26-8.17.1 cyrus-sasl-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debugsource-2.1.26-8.17.1 cyrus-sasl-digestmd5-2.1.26-8.17.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-2.1.26-8.17.1 cyrus-sasl-gssapi-32bit-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-otp-2.1.26-8.17.1 cyrus-sasl-otp-32bit-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-plain-2.1.26-8.17.1 cyrus-sasl-plain-32bit-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-8.17.1 libsasl2-3-2.1.26-8.17.1 libsasl2-3-32bit-2.1.26-8.17.1 libsasl2-3-debuginfo-2.1.26-8.17.1 libsasl2-3-debuginfo-32bit-2.1.26-8.17.1 - SUSE OpenStack Cloud 8 (x86_64): cyrus-sasl-2.1.26-8.17.1 cyrus-sasl-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-2.1.26-8.17.1 cyrus-sasl-crammd5-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debuginfo-2.1.26-8.17.1 cyrus-sasl-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debugsource-2.1.26-8.17.1 cyrus-sasl-digestmd5-2.1.26-8.17.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-2.1.26-8.17.1 cyrus-sasl-gssapi-32bit-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-otp-2.1.26-8.17.1 cyrus-sasl-otp-32bit-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-plain-2.1.26-8.17.1 cyrus-sasl-plain-32bit-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-8.17.1 libsasl2-3-2.1.26-8.17.1 libsasl2-3-32bit-2.1.26-8.17.1 libsasl2-3-debuginfo-2.1.26-8.17.1 libsasl2-3-debuginfo-32bit-2.1.26-8.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): cyrus-sasl-2.1.26-8.17.1 cyrus-sasl-crammd5-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-debuginfo-2.1.26-8.17.1 cyrus-sasl-debugsource-2.1.26-8.17.1 cyrus-sasl-digestmd5-2.1.26-8.17.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-2.1.26-8.17.1 cyrus-sasl-otp-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-2.1.26-8.17.1 cyrus-sasl-plain-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-2.1.26-8.17.1 libsasl2-3-2.1.26-8.17.1 libsasl2-3-debuginfo-2.1.26-8.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): cyrus-sasl-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-gssapi-32bit-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-otp-32bit-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-plain-32bit-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-8.17.1 libsasl2-3-32bit-2.1.26-8.17.1 libsasl2-3-debuginfo-32bit-2.1.26-8.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): cyrus-sasl-2.1.26-8.17.1 cyrus-sasl-crammd5-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-debuginfo-2.1.26-8.17.1 cyrus-sasl-debugsource-2.1.26-8.17.1 cyrus-sasl-digestmd5-2.1.26-8.17.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-2.1.26-8.17.1 cyrus-sasl-otp-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-2.1.26-8.17.1 cyrus-sasl-plain-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-2.1.26-8.17.1 libsasl2-3-2.1.26-8.17.1 libsasl2-3-debuginfo-2.1.26-8.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): cyrus-sasl-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-gssapi-32bit-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-otp-32bit-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-plain-32bit-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-8.17.1 libsasl2-3-32bit-2.1.26-8.17.1 libsasl2-3-debuginfo-32bit-2.1.26-8.17.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): cyrus-sasl-2.1.26-8.17.1 cyrus-sasl-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-2.1.26-8.17.1 cyrus-sasl-crammd5-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debuginfo-2.1.26-8.17.1 cyrus-sasl-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debugsource-2.1.26-8.17.1 cyrus-sasl-digestmd5-2.1.26-8.17.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-2.1.26-8.17.1 cyrus-sasl-gssapi-32bit-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-otp-2.1.26-8.17.1 cyrus-sasl-otp-32bit-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-plain-2.1.26-8.17.1 cyrus-sasl-plain-32bit-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-8.17.1 libsasl2-3-2.1.26-8.17.1 libsasl2-3-32bit-2.1.26-8.17.1 libsasl2-3-debuginfo-2.1.26-8.17.1 libsasl2-3-debuginfo-32bit-2.1.26-8.17.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cyrus-sasl-2.1.26-8.17.1 cyrus-sasl-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-2.1.26-8.17.1 cyrus-sasl-crammd5-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debuginfo-2.1.26-8.17.1 cyrus-sasl-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debugsource-2.1.26-8.17.1 cyrus-sasl-digestmd5-2.1.26-8.17.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-2.1.26-8.17.1 cyrus-sasl-gssapi-32bit-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-otp-2.1.26-8.17.1 cyrus-sasl-otp-32bit-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-plain-2.1.26-8.17.1 cyrus-sasl-plain-32bit-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-8.17.1 libsasl2-3-2.1.26-8.17.1 libsasl2-3-32bit-2.1.26-8.17.1 libsasl2-3-debuginfo-2.1.26-8.17.1 libsasl2-3-debuginfo-32bit-2.1.26-8.17.1 - HPE Helion Openstack 8 (x86_64): cyrus-sasl-2.1.26-8.17.1 cyrus-sasl-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-2.1.26-8.17.1 cyrus-sasl-crammd5-32bit-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debuginfo-2.1.26-8.17.1 cyrus-sasl-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-debugsource-2.1.26-8.17.1 cyrus-sasl-digestmd5-2.1.26-8.17.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-2.1.26-8.17.1 cyrus-sasl-gssapi-32bit-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-2.1.26-8.17.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-otp-2.1.26-8.17.1 cyrus-sasl-otp-32bit-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-2.1.26-8.17.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-8.17.1 cyrus-sasl-plain-2.1.26-8.17.1 cyrus-sasl-plain-32bit-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-2.1.26-8.17.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-8.17.1 libsasl2-3-2.1.26-8.17.1 libsasl2-3-32bit-2.1.26-8.17.1 libsasl2-3-debuginfo-2.1.26-8.17.1 libsasl2-3-debuginfo-32bit-2.1.26-8.17.1 References: https://www.suse.com/security/cve/CVE-2022-24407.html https://bugzilla.suse.com/1196036 From sle-updates at lists.suse.com Tue Mar 1 20:22:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Mar 2022 21:22:31 +0100 (CET) Subject: SUSE-SU-2022:0654-1: important: Security update for php74 Message-ID: <20220301202231.C66DAF375@maintenance.suse.de> SUSE Security Update: Security update for php74 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0654-1 Rating: important References: #1196252 Cross-References: CVE-2021-21708 CVSS scores: CVE-2021-21708 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php74 fixes the following issues: - CVE-2021-21708: Fixed use after free due to php_filter_float() failing for ints (bsc#1196252). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-654=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-654=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.6-1.36.1 php74-debugsource-7.4.6-1.36.1 php74-devel-7.4.6-1.36.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.6-1.36.1 apache2-mod_php74-debuginfo-7.4.6-1.36.1 php74-7.4.6-1.36.1 php74-bcmath-7.4.6-1.36.1 php74-bcmath-debuginfo-7.4.6-1.36.1 php74-bz2-7.4.6-1.36.1 php74-bz2-debuginfo-7.4.6-1.36.1 php74-calendar-7.4.6-1.36.1 php74-calendar-debuginfo-7.4.6-1.36.1 php74-ctype-7.4.6-1.36.1 php74-ctype-debuginfo-7.4.6-1.36.1 php74-curl-7.4.6-1.36.1 php74-curl-debuginfo-7.4.6-1.36.1 php74-dba-7.4.6-1.36.1 php74-dba-debuginfo-7.4.6-1.36.1 php74-debuginfo-7.4.6-1.36.1 php74-debugsource-7.4.6-1.36.1 php74-dom-7.4.6-1.36.1 php74-dom-debuginfo-7.4.6-1.36.1 php74-enchant-7.4.6-1.36.1 php74-enchant-debuginfo-7.4.6-1.36.1 php74-exif-7.4.6-1.36.1 php74-exif-debuginfo-7.4.6-1.36.1 php74-fastcgi-7.4.6-1.36.1 php74-fastcgi-debuginfo-7.4.6-1.36.1 php74-fileinfo-7.4.6-1.36.1 php74-fileinfo-debuginfo-7.4.6-1.36.1 php74-fpm-7.4.6-1.36.1 php74-fpm-debuginfo-7.4.6-1.36.1 php74-ftp-7.4.6-1.36.1 php74-ftp-debuginfo-7.4.6-1.36.1 php74-gd-7.4.6-1.36.1 php74-gd-debuginfo-7.4.6-1.36.1 php74-gettext-7.4.6-1.36.1 php74-gettext-debuginfo-7.4.6-1.36.1 php74-gmp-7.4.6-1.36.1 php74-gmp-debuginfo-7.4.6-1.36.1 php74-iconv-7.4.6-1.36.1 php74-iconv-debuginfo-7.4.6-1.36.1 php74-intl-7.4.6-1.36.1 php74-intl-debuginfo-7.4.6-1.36.1 php74-json-7.4.6-1.36.1 php74-json-debuginfo-7.4.6-1.36.1 php74-ldap-7.4.6-1.36.1 php74-ldap-debuginfo-7.4.6-1.36.1 php74-mbstring-7.4.6-1.36.1 php74-mbstring-debuginfo-7.4.6-1.36.1 php74-mysql-7.4.6-1.36.1 php74-mysql-debuginfo-7.4.6-1.36.1 php74-odbc-7.4.6-1.36.1 php74-odbc-debuginfo-7.4.6-1.36.1 php74-opcache-7.4.6-1.36.1 php74-opcache-debuginfo-7.4.6-1.36.1 php74-openssl-7.4.6-1.36.1 php74-openssl-debuginfo-7.4.6-1.36.1 php74-pcntl-7.4.6-1.36.1 php74-pcntl-debuginfo-7.4.6-1.36.1 php74-pdo-7.4.6-1.36.1 php74-pdo-debuginfo-7.4.6-1.36.1 php74-pgsql-7.4.6-1.36.1 php74-pgsql-debuginfo-7.4.6-1.36.1 php74-phar-7.4.6-1.36.1 php74-phar-debuginfo-7.4.6-1.36.1 php74-posix-7.4.6-1.36.1 php74-posix-debuginfo-7.4.6-1.36.1 php74-readline-7.4.6-1.36.1 php74-readline-debuginfo-7.4.6-1.36.1 php74-shmop-7.4.6-1.36.1 php74-shmop-debuginfo-7.4.6-1.36.1 php74-snmp-7.4.6-1.36.1 php74-snmp-debuginfo-7.4.6-1.36.1 php74-soap-7.4.6-1.36.1 php74-soap-debuginfo-7.4.6-1.36.1 php74-sockets-7.4.6-1.36.1 php74-sockets-debuginfo-7.4.6-1.36.1 php74-sodium-7.4.6-1.36.1 php74-sodium-debuginfo-7.4.6-1.36.1 php74-sqlite-7.4.6-1.36.1 php74-sqlite-debuginfo-7.4.6-1.36.1 php74-sysvmsg-7.4.6-1.36.1 php74-sysvmsg-debuginfo-7.4.6-1.36.1 php74-sysvsem-7.4.6-1.36.1 php74-sysvsem-debuginfo-7.4.6-1.36.1 php74-sysvshm-7.4.6-1.36.1 php74-sysvshm-debuginfo-7.4.6-1.36.1 php74-tidy-7.4.6-1.36.1 php74-tidy-debuginfo-7.4.6-1.36.1 php74-tokenizer-7.4.6-1.36.1 php74-tokenizer-debuginfo-7.4.6-1.36.1 php74-xmlreader-7.4.6-1.36.1 php74-xmlreader-debuginfo-7.4.6-1.36.1 php74-xmlrpc-7.4.6-1.36.1 php74-xmlrpc-debuginfo-7.4.6-1.36.1 php74-xmlwriter-7.4.6-1.36.1 php74-xmlwriter-debuginfo-7.4.6-1.36.1 php74-xsl-7.4.6-1.36.1 php74-xsl-debuginfo-7.4.6-1.36.1 php74-zip-7.4.6-1.36.1 php74-zip-debuginfo-7.4.6-1.36.1 php74-zlib-7.4.6-1.36.1 php74-zlib-debuginfo-7.4.6-1.36.1 References: https://www.suse.com/security/cve/CVE-2021-21708.html https://bugzilla.suse.com/1196252 From sle-updates at lists.suse.com Wed Mar 2 07:29:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 08:29:36 +0100 (CET) Subject: SUSE-IU-2022:284-1: Security update of suse-sles-15-sp3-chost-byos-v20220222-hvm-ssd-x86_64 Message-ID: <20220302072936.DE2B4F375@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220222-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:284-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220222-hvm-ssd-x86_64:20220222 Image Release : Severity : critical Type : security References : 1057592 1139519 1154353 1154488 1156395 1156920 1159205 1160634 1160654 1176447 1177599 1178357 1181163 1181812 1182227 1183405 1183407 1183495 1183572 1183574 1185377 1186506 1187428 1187723 1188019 1188571 1188605 1189152 1189560 1190395 1191015 1191057 1191121 1191227 1191334 1191434 1191532 1191826 1191881 1192164 1192311 1192353 1192637 1192684 1192685 1193007 1193086 1193096 1193273 1193488 1193506 1193690 1193767 1193802 1193861 1193864 1193867 1194048 1194178 1194227 1194265 1194291 1194392 1194522 1194576 1194581 1194588 1194597 1194640 1194661 1194716 1194768 1194770 1194785 1194859 1194880 1194898 1194968 1195009 1195048 1195054 1195062 1195065 1195073 1195142 1195183 1195184 1195217 1195254 1195267 1195293 1195371 1195476 1195477 1195478 1195479 1195480 1195481 1195482 954813 CVE-2020-27840 CVE-2020-28097 CVE-2021-20277 CVE-2021-20316 CVE-2021-22600 CVE-2021-36222 CVE-2021-39648 CVE-2021-39657 CVE-2021-39685 CVE-2021-3997 CVE-2021-3999 CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2021-44733 CVE-2021-45095 CVE-2022-0286 CVE-2022-0330 CVE-2022-0336 CVE-2022-0435 CVE-2022-22942 CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220222-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:317-1 Released: Thu Feb 3 10:06:59 2022 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1057592,1156920,1160654,1178357,1181163,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392 This update for wicked fixes the following issues: - Fix device rename issue when done via Yast2 (bsc#1194392) - Prepare RPM packaging for migration of dbus configuration files from /etc to /usr, however this change does not affect SUSE Linux Enterprise 15 Service Pack 3 (bsc#1183407,jsc#SLE-9750) - Parse sysctl files in the correct order - Fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - Add option for dhcp4 to set route pref-src to dhcp IP (bsc#1192353) - Cleanup warnings, time calculations and add dhcp fixes to reduce resource usage (bsc#1188019) - Avoid sysfs attribute read error when the kernel has already deleted the TUN/TAP interface (bsc#1192311) - Fix warning in `ifstatus` about unexpected interface flag combination (bsc#1192164) - Fix `ifstatus` not to show link as 'up' when interface is not running - Make firewalld zone assignment permanent (bsc#1189560) - Initial fixes for dracut integration and improved option handling (bsc#1182227) - Fix `nanny` to identify node owner exit condition - Add `ethtool --get-permanent-address` option in the client - Reconnect on unexpected wpa_supplicant restart (bsc#1183495) - Migrate wireless to wpa-supplicant v1 DBus interface (bsc#1156920) - Support multiple wireless networks configurations per interface - Show wireless connection status and scan-results (bsc#1160654) - Fix eap-tls,ttls cetificate handling and fix open vs. shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - Updated `man ifcfg-wireless` manual pages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:322-1 Released: Thu Feb 3 14:03:19 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192685,1194716 This update for dracut fixes the following issues: - Fix(network): consistent use of '$gw' for gateway (bsc#1192685) - Fix(install): handle builtin modules (bsc#1194716) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:333-1 Released: Fri Feb 4 09:30:26 2022 Summary: Security update for xen Type: security Severity: important References: 1194576,1194581,1194588,CVE-2022-23033,CVE-2022-23034,CVE-2022-23035 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:334-1 Released: Fri Feb 4 09:30:58 2022 Summary: Security update for containerd, docker Type: security Severity: moderate References: 1191015,1191121,1191334,1191434,1193273,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103,CVE-2021-41190 This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015). - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434). - CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334). - CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121). - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:340-1 Released: Mon Feb 7 13:08:14 2022 Summary: Security update for the Linux Kernel Type: recommended Severity: moderate References: 1195142 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various a regression bugfix. The following non-security bugs were fixed: - drm/radeon: fix error handling in radeon_driver_open_kms that could lead to non-booting systems with Radeon cards (bsc#1195142). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:370-1 Released: Fri Feb 11 08:35:29 2022 Summary: Security update for the Linux Kernel Type: security Severity: critical References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482,CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: Add support for Brainboxes UC cards (git-fixes). - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:513-1 Released: Fri Feb 18 12:43:10 2022 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1159205,1190395 This update for grub2 fixes the following issues: - Fix wrong default entry when booting snapshot (bsc#1159205). - Improve support for SLE Micro 5.1 on s390x (bsc#1190395). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:548-1 Released: Tue Feb 22 13:48:55 2022 Summary: Recommended update for blog Type: recommended Severity: moderate References: 1186506,1191057 This update for blog fixes the following issues: - Update to version 2.26 * On s390/x and PPC64 gcc misses unused arg0 - Update to version 2.24 * Avoid install errror due missed directory - Update to version 2.22 * Avoid KillMode=none for newer systemd version as well as rework the systemd unit files of blog (bsc#1186506) - Move to /usr for UsrMerge (bsc#1191057) - Update to version 2.21 * Merge pull request #4 from samueldr/fix/makefile Fixup Makefile for better build system support * Silent new gcc compiler The following package changes have been done: - apparmor-abstractions-2.13.6-150300.3.11.2 updated - apparmor-parser-2.13.6-150300.3.11.2 updated - blog-2.26-150300.4.3.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - containerd-ctr-1.4.12-60.1 updated - containerd-1.4.12-60.1 updated - coreutils-8.32-150300.3.5.1 updated - docker-20.10.12_ce-159.1 updated - dracut-049.1+suse.228.g07676562-3.54.1 updated - glibc-locale-base-2.31-150300.9.12.1 updated - glibc-locale-2.31-150300.9.12.1 updated - glibc-2.31-150300.9.12.1 updated - grub2-i386-pc-2.04-150300.22.12.2 updated - grub2-x86_64-efi-2.04-150300.22.12.2 updated - grub2-x86_64-xen-2.04-150300.22.12.2 updated - grub2-2.04-150300.22.12.2 updated - kernel-default-5.3.18-150300.59.49.1 updated - krb5-1.19.2-150300.8.3.2 updated - libapparmor1-2.13.6-150300.3.11.1 updated - libblogger2-2.26-150300.4.3.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libexpat1-2.2.5-3.12.1 updated - libldb2-2.4.1-150300.3.10.1 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libsystemd0-246.16-150300.7.39.1 updated - libtalloc2-2.3.3-150300.3.3.2 updated - libtdb1-1.4.4-150300.3.3.2 updated - libtevent0-0.11.0-150300.3.3.2 updated - libudev1-246.16-150300.7.39.1 updated - libzypp-17.29.3-27.1 updated - nfs-client-2.1.1-10.21.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 added - systemd-sysvinit-246.16-150300.7.39.1 updated - systemd-246.16-150300.7.39.1 updated - udev-246.16-150300.7.39.1 updated - wicked-service-0.6.68-150300.4.5.1 updated - wicked-0.6.68-150300.4.5.1 updated - xen-libs-4.14.3_06-150300.3.18.2 updated - xen-tools-domU-4.14.3_06-150300.3.18.2 updated - zypper-1.14.51-24.1 updated - gamin-server-0.1.10-1.41 removed - libdcerpc-binding0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libdcerpc0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libfam0-gamin-0.1.10-3.2.3 removed - libndr-krb5pac0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libndr-nbt0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libndr-standard0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libndr1-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libnetapi0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-credentials0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-errors0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-hostconfig0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-passdb0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamba-util0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsamdb0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsmbconf0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libsmbldap2-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libtevent-util0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - libwbclient0-4.13.13+git.539.fdbc44a8598-3.20.2 removed - python3-ldb-2.2.2-3.3.1 removed - python3-talloc-2.3.1-1.40 removed - samba-libs-4.13.13+git.539.fdbc44a8598-3.20.2 removed - samba-libs-python3-4.13.13+git.539.fdbc44a8598-3.20.2 removed From sle-updates at lists.suse.com Wed Mar 2 08:05:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 09:05:10 +0100 (CET) Subject: SUSE-CU-2022:241-1: Security update of suse/sles12sp3 Message-ID: <20220302080510.6C066F375@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:241-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.357 , suse/sles12sp3:latest Container Release : 24.357 Severity : important Type : security References : 1196036 CVE-2022-24407 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:653-1 Released: Tue Mar 1 18:13:50 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following package changes have been done: - libsasl2-3-2.1.26-8.17.1 updated From sle-updates at lists.suse.com Wed Mar 2 14:17:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 15:17:47 +0100 (CET) Subject: SUSE-SU-2022:0657-1: important: Security update for nodejs12 Message-ID: <20220302141747.93459F37A@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0657-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-657=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-657=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-657=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-657=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-657=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-657=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-657=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-657=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-657=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-657=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Manager Server 4.1 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Manager Proxy 4.1 (x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Manager Proxy 4.1 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Enterprise Storage 7 (noarch): nodejs12-docs-12.22.10-4.29.3 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 From sle-updates at lists.suse.com Wed Mar 2 14:18:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 15:18:52 +0100 (CET) Subject: SUSE-SU-2022:0667-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) Message-ID: <20220302141852.58F8FF37A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0667-1 Rating: important References: #1194463 Cross-References: CVE-2021-0920 CVSS scores: CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.180-94_144 fixes one issue. The following security issue was fixed: - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-669=1 SUSE-SLE-SAP-12-SP3-2022-670=1 SUSE-SLE-SAP-12-SP3-2022-671=1 SUSE-SLE-SAP-12-SP3-2022-672=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-669=1 SUSE-SLE-SERVER-12-SP3-2022-670=1 SUSE-SLE-SERVER-12-SP3-2022-671=1 SUSE-SLE-SERVER-12-SP3-2022-672=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-663=1 SUSE-SLE-Module-Live-Patching-15-2022-664=1 SUSE-SLE-Module-Live-Patching-15-2022-665=1 SUSE-SLE-Module-Live-Patching-15-2022-666=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-667=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_141-default-15-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-15-2.2 kgraft-patch-4_4_180-94_144-default-12-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-12-2.1 kgraft-patch-4_4_180-94_147-default-9-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-9-2.1 kgraft-patch-4_4_180-94_150-default-5-2.1 kgraft-patch-4_4_180-94_150-default-debuginfo-5-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_141-default-15-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-15-2.2 kgraft-patch-4_4_180-94_144-default-12-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-12-2.1 kgraft-patch-4_4_180-94_147-default-9-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-9-2.1 kgraft-patch-4_4_180-94_150-default-5-2.1 kgraft-patch-4_4_180-94_150-default-debuginfo-5-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_69-default-15-2.2 kernel-livepatch-4_12_14-150_69-default-debuginfo-15-2.2 kernel-livepatch-4_12_14-150_72-default-12-2.1 kernel-livepatch-4_12_14-150_72-default-debuginfo-12-2.1 kernel-livepatch-4_12_14-150_75-default-9-2.1 kernel-livepatch-4_12_14-150_75-default-debuginfo-9-2.1 kernel-livepatch-4_12_14-150_78-default-4-2.1 kernel-livepatch-4_12_14-150_78-default-debuginfo-4-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_77-default-11-2.1 References: https://www.suse.com/security/cve/CVE-2021-0920.html https://bugzilla.suse.com/1194463 From sle-updates at lists.suse.com Wed Mar 2 14:19:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 15:19:31 +0100 (CET) Subject: SUSE-SU-2022:0668-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP3) Message-ID: <20220302141931.EB6F1F37A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0668-1 Rating: important References: #1182294 #1194463 Cross-References: CVE-2021-0920 CVE-2021-28688 CVSS scores: CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_153 fixes several issues. The following security issues were fixed: - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bsc#1182294). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-668=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-668=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_153-default-2-2.1 kgraft-patch-4_4_180-94_153-default-debuginfo-2-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_153-default-2-2.1 kgraft-patch-4_4_180-94_153-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-28688.html https://bugzilla.suse.com/1182294 https://bugzilla.suse.com/1194463 From sle-updates at lists.suse.com Wed Mar 2 14:20:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 15:20:14 +0100 (CET) Subject: SUSE-SU-2022:0660-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) Message-ID: <20220302142014.428C6F37A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0660-1 Rating: important References: #1194463 #1195307 #1195947 Cross-References: CVE-2021-0920 CVE-2021-22600 CVE-2022-0516 CVSS scores: CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_27 fixes several issues. The following security issues were fixed: - CVE-2022-0516: Fixed KVM s390 return error on SIDA memop on normal guest (bsc#1195947). - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bsc#1195307). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-659=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-660=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-661=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-662=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_10-default-10-150300.2.1 kernel-livepatch-5_3_18-59_10-default-debuginfo-10-150300.2.1 kernel-livepatch-5_3_18-59_16-default-9-150300.2.1 kernel-livepatch-5_3_18-59_16-default-debuginfo-9-150300.2.1 kernel-livepatch-5_3_18-59_27-default-6-150300.2.1 kernel-livepatch-5_3_18-59_27-default-debuginfo-6-150300.2.1 kernel-livepatch-5_3_18-59_37-default-4-150300.2.1 kernel-livepatch-5_3_18-59_37-default-debuginfo-4-150300.2.1 kernel-livepatch-SLE15-SP3_Update_10-debugsource-4-150300.2.1 kernel-livepatch-SLE15-SP3_Update_2-debugsource-10-150300.2.1 kernel-livepatch-SLE15-SP3_Update_4-debugsource-9-150300.2.1 kernel-livepatch-SLE15-SP3_Update_7-debugsource-6-150300.2.1 References: https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-22600.html https://www.suse.com/security/cve/CVE-2022-0516.html https://bugzilla.suse.com/1194463 https://bugzilla.suse.com/1195307 https://bugzilla.suse.com/1195947 From sle-updates at lists.suse.com Wed Mar 2 14:21:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 15:21:02 +0100 (CET) Subject: SUSE-RU-2022:0656-1: moderate: Recommended update for scap-security-guide Message-ID: <20220302142102.66084F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0656-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: updated to 0.1.60 (jsc#ECO-3319) - New draft stig profile v1r1 for OL8 - New product Amazon EKS platform and initial CIS profiles - New product CentOS Stream 9, as a derivative from RHEL9 product Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-656=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): scap-security-guide-0.1.60-3.23.1 scap-security-guide-debian-0.1.60-3.23.1 scap-security-guide-redhat-0.1.60-3.23.1 scap-security-guide-ubuntu-0.1.60-3.23.1 References: From sle-updates at lists.suse.com Wed Mar 2 14:22:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 15:22:56 +0100 (CET) Subject: SUSE-RU-2022:0655-1: moderate: Recommended update for vsftpd Message-ID: <20220302142256.22EFBF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0655-1 Rating: moderate References: #1042673 #1070653 #1083705 #1089088 #1125951 #1144062 #1179553 #1180314 #1181400 #1187188 #786024 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for vsftpd fixes the following issues: This update enables vsftpd to speak TLS 1.3 in ssl FTP mode by linking against openssl 1.1.1. Bugfixes added: - Fixed a seccomp failure in FIPS mode when SSL was enabled. [bsc#1052900] - allow stat() to be called, which is required during SSL initialization by RAND_load_file(). - allow wait4() to be called so that the broker can wait for its child processes. [bsc#1021387] - Revert the "ssl_tlsv1_X"-style config file options back to their original spelling. The changes that dropped the underscore from the version numbers in release 3.0.4 breaks existing configurations and it was never documented anywhere -- not in the package's changelog and not in the packages's own man page. - vsftpd follows the system-wide TLS cipher policy "DEFAULT_SUSE" by default. Run the command "openssl ciphers -v DEFAULT_SUSE" to see which ciphers this includes. - allow sendto() syscall when /dev/log support is enabled. [bsc#786024] - allow sendto() to be called from check_limits(), which is necessary for vsftpd to write to the system log. - Added hardening to systemd service(s) (bsc#1181400). Update to version 3.0.5: * Fix ALPN callback to correctly select the 'ftp' string if present. Works with FileZilla-3.55.0. * Fix a couple of seccomp policy issues with Fedora 34. Update to version 3.0.4. * Fix runtime SIGSYS crashes (seccomp sandbox policy tweaks). * Reject HTTP verbs pre-login. * Disable TLS prior to v1.2 by default. * Close the control connection after 10 unknown commands pre-login. * Reject any TLS ALPN advertisement that's not 'ftp'. * Add ssl_sni_hostname option to require a match on incoming SNI hostname. * The options "ssl_tlsv1_1", "ssl_tlsv1_2", and "ssl_tlsv1_3" have been renamed to "ssl_tlsv11", "ssl_tlsv12", and "ssl_tlsv13" respectively. Note that the man page has not been updated accordingly. - OpenSSL was updated to version 1.1.1 in SLE-15-SP2, adding support for the TLSv1.3 protocol. As a consequence, some SLE-15 applications that link OpenSSL for TLS support -- like vsftpd --, gained the ability to use the newer TLS protocol, which created interoperability problems with FTP clients in some cases. To remedy the situation, "0001-Introduce-TLSv1.3-option.patch" was applied in a forked SLE-15-SP2 version of vsftpd. The patch adds the configuration option "ssl_tlsv1_3" that system administrators can use to disable TLSv1.3 support on their servers. [bsc#1187188] - allow getdents64 syscall in seccomp sandbox, fixes bsc#1179553 - Add pam_keyinit.so to PAM config file. [bsc#1144062] - Fixed a segmentation fault that occurred while trying to write to an invalid TLS context. [bsc#1125951] - Enable wait4(), sysinfo(), and shutdown() syscalls in seccomp sandbox. These are required for the daemon to work properly on SLE-15. [bsc#1089088, bsc#1180314] - Add firewalld service file (bsc#1083705) - Make sure to also require group nobody and user ftp bsc#1070653 - Fixed interoperability issue with various ftp clients that arose when vsftpd is configured with option "use_localtime=YES". Basically, it's fine to use local time stamps in directory listings, but responding to MDTM commands with any time zone other than UTC directly violates RFC3659 and leads FTP clients to misinterpret the file's time stamp. [bsc#1024961] - Conditionally install xinetd service only on older releases * On current distributions we support the same functionality via systemd socket activation - Fix build against OpenSSL 1.1. (bsc#1042673) - Version bump to 3.0.3: * Increase VSFTP_AS_LIMIT to 200MB; various reports. * Make the PWD response more RFC compliant; report from Barry Kelly . * Remove the trailing period from EPSV response to work around BT Internet issues; report from Tim Bishop . * Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil . At least, syslogging seems to work on my Fedora now. * Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I probably have a different distro / libc / etc. and there are multiple reports. * Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle this case gracefully. Report from Vasily Averin . * List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default. * Make some compile-time SSL defaults (such as correct client shutdown handling) stricter. * Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms delays. From Tim Kosse . * Kill the FTP session if we see HTTP protocol commands, to avoid cross-protocol attacks. A report from Jann Horn . * Kill the FTP session if we see session re-use failure. A report from Tim Kosse . * Enable ECDHE, Tim Kosse . * Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384. * Minor SSL logging improvements. * Un-default tunable_strict_ssl_write_shutdown again. We still have tunable_strict_ssl_read_eof defaulted now, which is the important one to prove upload integrity. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-655=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-48.3.1 vsftpd-debuginfo-3.0.5-48.3.1 vsftpd-debugsource-3.0.5-48.3.1 References: https://bugzilla.suse.com/1042673 https://bugzilla.suse.com/1070653 https://bugzilla.suse.com/1083705 https://bugzilla.suse.com/1089088 https://bugzilla.suse.com/1125951 https://bugzilla.suse.com/1144062 https://bugzilla.suse.com/1179553 https://bugzilla.suse.com/1180314 https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1187188 https://bugzilla.suse.com/786024 From sle-updates at lists.suse.com Wed Mar 2 17:17:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 18:17:39 +0100 (CET) Subject: SUSE-RU-2022:0674-1: moderate: Recommended update for yast2-network Message-ID: <20220302171739.796EDF379@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0674-1 Rating: moderate References: #1187512 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-674=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-674=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-674=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-674=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-674=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): augeas-1.10.1-3.5.1 augeas-debuginfo-1.10.1-3.5.1 augeas-debugsource-1.10.1-3.5.1 augeas-devel-1.10.1-3.5.1 augeas-lenses-1.10.1-3.5.1 libaugeas0-1.10.1-3.5.1 libaugeas0-debuginfo-1.10.1-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): augeas-1.10.1-3.5.1 augeas-debuginfo-1.10.1-3.5.1 augeas-debugsource-1.10.1-3.5.1 augeas-devel-1.10.1-3.5.1 augeas-lenses-1.10.1-3.5.1 libaugeas0-1.10.1-3.5.1 libaugeas0-debuginfo-1.10.1-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-network-4.3.81-150300.3.25.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): augeas-1.10.1-3.5.1 augeas-debuginfo-1.10.1-3.5.1 augeas-debugsource-1.10.1-3.5.1 augeas-lenses-1.10.1-3.5.1 libaugeas0-1.10.1-3.5.1 libaugeas0-debuginfo-1.10.1-3.5.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): augeas-1.10.1-3.5.1 augeas-debuginfo-1.10.1-3.5.1 augeas-debugsource-1.10.1-3.5.1 augeas-lenses-1.10.1-3.5.1 libaugeas0-1.10.1-3.5.1 libaugeas0-debuginfo-1.10.1-3.5.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): augeas-1.10.1-3.5.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): yast2-network-4.3.81-150300.3.25.1 References: https://bugzilla.suse.com/1187512 From sle-updates at lists.suse.com Wed Mar 2 17:18:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Mar 2022 18:18:46 +0100 (CET) Subject: SUSE-RU-2022:0673-1: moderate: Recommended update for sudo Message-ID: <20220302171846.940BCF379@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0673-1 Rating: moderate References: #1181703 SLE-20068 SLE-22569 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix and contains two features can now be installed. Description: This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-673=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-673=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.27-4.18.1 sudo-debugsource-1.8.27-4.18.1 sudo-devel-1.8.27-4.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-1.8.27-4.18.1 sudo-debuginfo-1.8.27-4.18.1 sudo-debugsource-1.8.27-4.18.1 References: https://bugzilla.suse.com/1181703 From sle-updates at lists.suse.com Wed Mar 2 23:17:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 00:17:58 +0100 (CET) Subject: SUSE-SU-2022:0675-1: moderate: Security update for ldns Message-ID: <20220302231758.1C2BFF37E@maintenance.suse.de> SUSE Security Update: Security update for ldns ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0675-1 Rating: moderate References: #1195057 #1195058 Cross-References: CVE-2020-19860 CVE-2020-19861 CVSS scores: CVE-2020-19860 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2020-19860 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2020-19861 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ldns fixes the following issues: - CVE-2020-19860: Fixed heap-based out of bounds read when verifying a zone file (bsc#1195057). - CVE-2020-19861: Fixed heap-based out of bounds read in ldns_nsec3_salt_data() (bsc#1195058). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-675=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-675=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-675=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): ldns-debuginfo-1.7.0-4.6.1 ldns-debugsource-1.7.0-4.6.1 ldns-devel-1.7.0-4.6.1 libldns2-1.7.0-4.6.1 libldns2-debuginfo-1.7.0-4.6.1 perl-DNS-LDNS-1.7.0-4.6.1 perl-DNS-LDNS-debuginfo-1.7.0-4.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): ldns-debuginfo-1.7.0-4.6.1 ldns-debugsource-1.7.0-4.6.1 perl-DNS-LDNS-1.7.0-4.6.1 perl-DNS-LDNS-debuginfo-1.7.0-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ldns-debuginfo-1.7.0-4.6.1 ldns-debugsource-1.7.0-4.6.1 ldns-devel-1.7.0-4.6.1 libldns2-1.7.0-4.6.1 libldns2-debuginfo-1.7.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2020-19860.html https://www.suse.com/security/cve/CVE-2020-19861.html https://bugzilla.suse.com/1195057 https://bugzilla.suse.com/1195058 From sle-updates at lists.suse.com Wed Mar 2 23:18:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 00:18:49 +0100 (CET) Subject: SUSE-SU-2022:0676-1: important: Security update for MozillaFirefox Message-ID: <20220302231849.77B61F37E@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0676-1 Rating: important References: #1195230 #1195682 Cross-References: CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-676=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-676=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-676=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-676=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-676=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-676=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-676=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-676=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-676=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-676=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.6.0-150.18.1 MozillaFirefox-debuginfo-91.6.0-150.18.1 MozillaFirefox-debugsource-91.6.0-150.18.1 MozillaFirefox-devel-91.6.0-150.18.1 MozillaFirefox-translations-common-91.6.0-150.18.1 MozillaFirefox-translations-other-91.6.0-150.18.1 References: https://www.suse.com/security/cve/CVE-2022-22753.html https://www.suse.com/security/cve/CVE-2022-22754.html https://www.suse.com/security/cve/CVE-2022-22756.html https://www.suse.com/security/cve/CVE-2022-22759.html https://www.suse.com/security/cve/CVE-2022-22760.html https://www.suse.com/security/cve/CVE-2022-22761.html https://www.suse.com/security/cve/CVE-2022-22763.html https://www.suse.com/security/cve/CVE-2022-22764.html https://bugzilla.suse.com/1195230 https://bugzilla.suse.com/1195682 From sle-updates at lists.suse.com Wed Mar 2 23:20:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 00:20:26 +0100 (CET) Subject: SUSE-SU-2022:0679-1: moderate: Security update for php7 Message-ID: <20220302232026.1F2D1F37E@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0679-1 Rating: moderate References: #1038980 #1081790 #1192050 #1193041 Cross-References: CVE-2015-9253 CVE-2017-8923 CVE-2021-21703 CVE-2021-21707 CVSS scores: CVE-2015-9253 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-9253 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-8923 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-8923 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-21703 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-21707 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for php7 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM (bsc#1192050). - CVE-2021-21707: Fixed special character breaks path in xml parsing (bsc#1193041). - CVE-2017-8923: Fixed denial of service (application crash) when using .= with a long string (zend_string_extend func in Zend/zend_string.h) (bsc#1038980). - CVE-2015-9253: Fixed endless loop when the master process restarts a child process using program execution functions (bsc#1081790). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-679=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-679=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-679=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-679=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-679=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-679=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-679=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-679=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-679=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-679=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tidy-7.2.5-4.89.4 php7-tidy-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Linux Enterprise Server for SAP 15 (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tidy-7.2.5-4.89.4 php7-tidy-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tidy-7.2.5-4.89.4 php7-tidy-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Linux Enterprise Server 15-LTSS (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tidy-7.2.5-4.89.4 php7-tidy-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tidy-7.2.5-4.89.4 php7-tidy-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tidy-7.2.5-4.89.4 php7-tidy-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 - SUSE Enterprise Storage 6 (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE CaaS Platform 4.0 (noarch): php7-pear-7.2.5-4.89.4 php7-pear-Archive_Tar-7.2.5-4.89.4 - SUSE CaaS Platform 4.0 (x86_64): apache2-mod_php7-7.2.5-4.89.4 apache2-mod_php7-debuginfo-7.2.5-4.89.4 php7-7.2.5-4.89.4 php7-bcmath-7.2.5-4.89.4 php7-bcmath-debuginfo-7.2.5-4.89.4 php7-bz2-7.2.5-4.89.4 php7-bz2-debuginfo-7.2.5-4.89.4 php7-calendar-7.2.5-4.89.4 php7-calendar-debuginfo-7.2.5-4.89.4 php7-ctype-7.2.5-4.89.4 php7-ctype-debuginfo-7.2.5-4.89.4 php7-curl-7.2.5-4.89.4 php7-curl-debuginfo-7.2.5-4.89.4 php7-dba-7.2.5-4.89.4 php7-dba-debuginfo-7.2.5-4.89.4 php7-debuginfo-7.2.5-4.89.4 php7-debugsource-7.2.5-4.89.4 php7-devel-7.2.5-4.89.4 php7-dom-7.2.5-4.89.4 php7-dom-debuginfo-7.2.5-4.89.4 php7-enchant-7.2.5-4.89.4 php7-enchant-debuginfo-7.2.5-4.89.4 php7-exif-7.2.5-4.89.4 php7-exif-debuginfo-7.2.5-4.89.4 php7-fastcgi-7.2.5-4.89.4 php7-fastcgi-debuginfo-7.2.5-4.89.4 php7-fileinfo-7.2.5-4.89.4 php7-fileinfo-debuginfo-7.2.5-4.89.4 php7-fpm-7.2.5-4.89.4 php7-fpm-debuginfo-7.2.5-4.89.4 php7-ftp-7.2.5-4.89.4 php7-ftp-debuginfo-7.2.5-4.89.4 php7-gd-7.2.5-4.89.4 php7-gd-debuginfo-7.2.5-4.89.4 php7-gettext-7.2.5-4.89.4 php7-gettext-debuginfo-7.2.5-4.89.4 php7-gmp-7.2.5-4.89.4 php7-gmp-debuginfo-7.2.5-4.89.4 php7-iconv-7.2.5-4.89.4 php7-iconv-debuginfo-7.2.5-4.89.4 php7-intl-7.2.5-4.89.4 php7-intl-debuginfo-7.2.5-4.89.4 php7-json-7.2.5-4.89.4 php7-json-debuginfo-7.2.5-4.89.4 php7-ldap-7.2.5-4.89.4 php7-ldap-debuginfo-7.2.5-4.89.4 php7-mbstring-7.2.5-4.89.4 php7-mbstring-debuginfo-7.2.5-4.89.4 php7-mysql-7.2.5-4.89.4 php7-mysql-debuginfo-7.2.5-4.89.4 php7-odbc-7.2.5-4.89.4 php7-odbc-debuginfo-7.2.5-4.89.4 php7-opcache-7.2.5-4.89.4 php7-opcache-debuginfo-7.2.5-4.89.4 php7-openssl-7.2.5-4.89.4 php7-openssl-debuginfo-7.2.5-4.89.4 php7-pcntl-7.2.5-4.89.4 php7-pcntl-debuginfo-7.2.5-4.89.4 php7-pdo-7.2.5-4.89.4 php7-pdo-debuginfo-7.2.5-4.89.4 php7-pgsql-7.2.5-4.89.4 php7-pgsql-debuginfo-7.2.5-4.89.4 php7-phar-7.2.5-4.89.4 php7-phar-debuginfo-7.2.5-4.89.4 php7-posix-7.2.5-4.89.4 php7-posix-debuginfo-7.2.5-4.89.4 php7-readline-7.2.5-4.89.4 php7-readline-debuginfo-7.2.5-4.89.4 php7-shmop-7.2.5-4.89.4 php7-shmop-debuginfo-7.2.5-4.89.4 php7-snmp-7.2.5-4.89.4 php7-snmp-debuginfo-7.2.5-4.89.4 php7-soap-7.2.5-4.89.4 php7-soap-debuginfo-7.2.5-4.89.4 php7-sockets-7.2.5-4.89.4 php7-sockets-debuginfo-7.2.5-4.89.4 php7-sodium-7.2.5-4.89.4 php7-sodium-debuginfo-7.2.5-4.89.4 php7-sqlite-7.2.5-4.89.4 php7-sqlite-debuginfo-7.2.5-4.89.4 php7-sysvmsg-7.2.5-4.89.4 php7-sysvmsg-debuginfo-7.2.5-4.89.4 php7-sysvsem-7.2.5-4.89.4 php7-sysvsem-debuginfo-7.2.5-4.89.4 php7-sysvshm-7.2.5-4.89.4 php7-sysvshm-debuginfo-7.2.5-4.89.4 php7-tidy-7.2.5-4.89.4 php7-tidy-debuginfo-7.2.5-4.89.4 php7-tokenizer-7.2.5-4.89.4 php7-tokenizer-debuginfo-7.2.5-4.89.4 php7-wddx-7.2.5-4.89.4 php7-wddx-debuginfo-7.2.5-4.89.4 php7-xmlreader-7.2.5-4.89.4 php7-xmlreader-debuginfo-7.2.5-4.89.4 php7-xmlrpc-7.2.5-4.89.4 php7-xmlrpc-debuginfo-7.2.5-4.89.4 php7-xmlwriter-7.2.5-4.89.4 php7-xmlwriter-debuginfo-7.2.5-4.89.4 php7-xsl-7.2.5-4.89.4 php7-xsl-debuginfo-7.2.5-4.89.4 php7-zip-7.2.5-4.89.4 php7-zip-debuginfo-7.2.5-4.89.4 php7-zlib-7.2.5-4.89.4 php7-zlib-debuginfo-7.2.5-4.89.4 References: https://www.suse.com/security/cve/CVE-2015-9253.html https://www.suse.com/security/cve/CVE-2017-8923.html https://www.suse.com/security/cve/CVE-2021-21703.html https://www.suse.com/security/cve/CVE-2021-21707.html https://bugzilla.suse.com/1038980 https://bugzilla.suse.com/1081790 https://bugzilla.suse.com/1192050 https://bugzilla.suse.com/1193041 From sle-updates at lists.suse.com Wed Mar 2 23:21:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 00:21:20 +0100 (CET) Subject: SUSE-SU-2022:0678-1: moderate: Security update for gnutls Message-ID: <20220302232120.CC4F1F37E@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0678-1 Rating: moderate References: #1196167 Cross-References: CVE-2021-4209 CVSS scores: CVE-2021-4209 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-678=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libgnutls30-3.4.17-8.11.1 libgnutls30-debuginfo-3.4.17-8.11.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): gnutls-debugsource-3.4.17-8.11.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgnutls30-32bit-3.4.17-8.11.1 libgnutls30-debuginfo-32bit-3.4.17-8.11.1 References: https://www.suse.com/security/cve/CVE-2021-4209.html https://bugzilla.suse.com/1196167 From sle-updates at lists.suse.com Wed Mar 2 23:22:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 00:22:31 +0100 (CET) Subject: SUSE-SU-2022:0677-1: moderate: Security update for gnutls Message-ID: <20220302232231.4FC7EF37E@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0677-1 Rating: moderate References: #1196167 Cross-References: CVE-2021-4209 CVSS scores: CVE-2021-4209 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-677=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-677=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gnutls-debuginfo-3.3.27-3.6.1 gnutls-debugsource-3.3.27-3.6.1 libgnutls-devel-3.3.27-3.6.1 libgnutls-openssl-devel-3.3.27-3.6.1 libgnutlsxx-devel-3.3.27-3.6.1 libgnutlsxx28-3.3.27-3.6.1 libgnutlsxx28-debuginfo-3.3.27-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gnutls-3.3.27-3.6.1 gnutls-debuginfo-3.3.27-3.6.1 gnutls-debugsource-3.3.27-3.6.1 libgnutls-openssl27-3.3.27-3.6.1 libgnutls-openssl27-debuginfo-3.3.27-3.6.1 libgnutls28-3.3.27-3.6.1 libgnutls28-debuginfo-3.3.27-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgnutls28-32bit-3.3.27-3.6.1 libgnutls28-debuginfo-32bit-3.3.27-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-4209.html https://bugzilla.suse.com/1196167 From sle-updates at lists.suse.com Thu Mar 3 08:32:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 09:32:39 +0100 (CET) Subject: SUSE-CU-2022:242-1: Recommended update of suse/sle15 Message-ID: <20220303083239.78BF4F37E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:242-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.517 Container Release : 4.22.517 Severity : moderate Type : recommended References : 1187512 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) The following package changes have been done: - libaugeas0-1.10.1-3.5.1 updated From sle-updates at lists.suse.com Thu Mar 3 13:39:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:39:36 +0100 (CET) Subject: SUSE-RU-2022:0685-1: important: Recommended update for clingo, python-Sphinx_4_2_0, python-sphinxcontrib-applehelp, python-sphinxcontrib-devhelp, python-sphinxcontrib-htmlhelp, python-sphinxcontrib-jsmath, python-sphinxcontrib-qthelp, python-sphinxcontrib-serializinghtml, spack Message-ID: <20220303133936.4A36DF37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for clingo, python-Sphinx_4_2_0, python-sphinxcontrib-applehelp, python-sphinxcontrib-devhelp, python-sphinxcontrib-htmlhelp, python-sphinxcontrib-jsmath, python-sphinxcontrib-qthelp, python-sphinxcontrib-serializinghtml, spack ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0685-1 Rating: important References: #1166965 #1193712 SLE-22137 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for clingo, python-Sphinx_4_2_0, python-sphinxcontrib-applehelp, python-sphinxcontrib-devhelp, python-sphinxcontrib-htmlhelp, python-sphinxcontrib-jsmath, python-sphinxcontrib-qthelp, python-sphinxcontrib-serializinghtml, spack fixes the following issues: - added python-cffi as Requires (bsc#1193712) - create a sub lib package - fix some build errors, remove unwanted files - update to version 5.5.0 - clingo is used by default for spack version earlier than 0.17 (jsc#SLE-22137) - first release for SUSE (from fedora spec) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-685=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): clingo-5.5.0-150300.7.4.1 clingo-debuginfo-5.5.0-150300.7.4.1 clingo-devel-5.5.0-150300.7.4.1 libclingo4-5.5.0-150300.7.4.1 libclingo4-debuginfo-5.5.0-150300.7.4.1 python3-clingo-5.5.0-150300.7.4.1 python3-clingo-debuginfo-5.5.0-150300.7.4.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch): spack-0.17.1-150300.5.8.2 spack-info-0.17.1-150300.5.8.3 spack-man-0.17.1-150300.5.8.3 spack-recipes-0.17.1-150300.5.8.2 References: https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1193712 From sle-updates at lists.suse.com Thu Mar 3 13:40:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:40:15 +0100 (CET) Subject: SUSE-RU-2022:0684-1: moderate: Recommended update for powerpc-utils Message-ID: <20220303134015.DEFF0F37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0684-1 Rating: moderate References: #1187716 #1191147 #1194579 #1195413 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - errinjct: sanitize devspec output of a newline if one is present. (bsc#1194579) - lparstat: report LPAR name from 'lparcfg'. (bsc#1187716) - Fix reported online memory in legacy format. (bsc#1191147) - Install smt.state as config file. (bsc#1195413) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-684=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (ppc64le): powerpc-utils-1.3.9-8.8.1 powerpc-utils-debuginfo-1.3.9-8.8.1 powerpc-utils-debugsource-1.3.9-8.8.1 References: https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1191147 https://bugzilla.suse.com/1194579 https://bugzilla.suse.com/1195413 From sle-updates at lists.suse.com Thu Mar 3 13:41:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:41:05 +0100 (CET) Subject: SUSE-RU-2022:0686-1: moderate: Recommended update for powerpc-utils Message-ID: <20220303134105.1A01CF37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0686-1 Rating: moderate References: #1187716 #1191147 #1194579 #1195413 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for powerpc-utils fixes the following issues: - errinjct: sanitize devspec output of a newline if one is present. (bsc#1194579) - Fix reported online memory in legacy format. (bsc#1191147) - lparstat: report LPAR name from 'lparcfg'. (bsc#1187716) - Install 'smt.state' as config file. (bsc#1195413) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-686=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le): powerpc-utils-1.3.9-150300.9.17.1 powerpc-utils-debuginfo-1.3.9-150300.9.17.1 powerpc-utils-debugsource-1.3.9-150300.9.17.1 References: https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1191147 https://bugzilla.suse.com/1194579 https://bugzilla.suse.com/1195413 From sle-updates at lists.suse.com Thu Mar 3 13:41:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:41:54 +0100 (CET) Subject: SUSE-RU-2022:0689-1: important: Recommended update for python-openstackclient, python-openstackdocstheme, python-oslo.context, python-oslosphinx, python-reno Message-ID: <20220303134154.A8632F37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-openstackclient, python-openstackdocstheme, python-oslo.context, python-oslosphinx, python-reno ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0689-1 Rating: important References: #1191205 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-openstackclient fixes the following issues: - update to version 5.2.0 (bsc#1191205) - Add bindep file - Use 'KeyValueAppendAction' from osc-lib - Bump lower constraint of MarkupSafe - Replace six.iteritems() with .items() - Don't look up project by id if given id - Add storage policy option to create container command - Stop configuring install_command in tox and stop use pip. - Update http links in docs - Doc: launchpad => storyboard - Allow setting floating IP description - Deflate .htaccess - Fix network segment range "_get_ranges" function - Fix copypaste errors in access rule command - Remove redundant OpenStackShell.prepare_to_run_command - Remove plugin projects from test-requirements.txt - neutron: autogenerate docs - Incorrect title for service provider - Add plugin doc page for watcher - Show correct name for resource with quota set to zero - Disallow setting default on internal network - Fix openstack server list --deleted --marker option - Add support for app cred access rules - Fix plugin autodoc generation - Switch image to use SDK - Provide stderr in exception when check_parser fails - Microversion 2.79: Add delete_on_termination to volume-attach API - Complete switch from glanceclient to SDK for image service - Use autoprogram-cliff for remaining plugin docs - Bump tox minversion - Add unit tests and release note for dns_publish_fixed_ip - common: autogenerate docs - Update master for stable/train - Create Volume v3 functional tests - Change dockerhub password - Honor endpoint override from config for volume - Fix functional tests for py3 - Stop testing python 2 in tox and zuul. - Raise hacking to more recent 2.0.0 - Now we can add description for role creation in OSC - Build utility image for using osc - Replace port 35357 with 5000 for "auth_url" - Switch to using osc_lib.utils.tags - Split plugin docs per project - Fix router create/show if extraroute not supported - Add qos_network_policy_id to network port tests - Link to (some) plugin doc pages - Refactor AggregateTests - Remove trailing newline from dockerhub secret - Update a stale doc reference to use :neutron-doc: - Add dns_publish_fixed_ip attribute to subnets - Fix osc-lib interface change: catch osc-lib Forbidden - Use SDK to get compute API extensions - Add placement to known plugins - Update the content about Import Format - compute: autogenerate docs - versions: Fix 'versions show' help message - Add parent project filter for listing projects - Raise flake8-import-order version to latest - Add "fields" parameter to ListSecurityGroup query - openstack.cli: autogenerate docs - Add redirect testing - Stop silently ignoring invalid 'server create --hint' options - Produce complete content for plugin docs - Remove mention of meetings from docs - Update image building jobs - Add 'openstack server migrate (confirm|revert)' commands - Complete "Drop python2 support" goal - Fix faulthy state argument choice - remove nonsensical update-alternatives, which leaves an empty file behind - switch to python 3.x only package - update to version 4.0.0 - Batch up minor cleanups for release - Bump min osc-lib to 1.14.0 - Fix RuntimeError when showing project which has extra properties - Fix BFV server list handling with --name-lookup-one-by-one - Fix typo: "to and endpoint" - Fix functional.base.TestCase.openstack() to optionally omit --os-auth-type - Use cliff formattable columns in image commands - Add server add/remove volume description for microversion 2.20 - Document that server dump create requires 2.17 - Remove code migrated to osc-lib long ago - Fix docs bug link to go to storyboard rather than launchpad - Mention compute service set --up|--down requires 2.11 or greater - Update master for stable/stein - Compute: Add description support for server - Remove deprecated volume commands and args - Volume backup functional test tweak - Use cliff formattable columns in network commands - Deprecate openstack server migrate --host option - Ignore case in security group rule --ethertype - Add host and hypervisor_hostname to create servers - Delete the LB object quotas set command in openstackclient - Rename review.openstack.org to review.opendev.org - Fix: incorrect check when no shared/private input - Remove deprecated image commands - Tweak network segment range fiunction tests - Default to Cinder v3 API - Fix description for --block-device-mapping - Add floating IP Port Forwarding commands - Format aggregate command fields and de-race functional tests - docs: clarify compute service --service option - Fix bug in endpoint group deletion - Format location columns in network commands - Fix --limit option in image list sub-command - Add 'openstack server resize (confirm|revert)' commands - openstack port create support --extra-dhcp-option - Update release table for Train and 4.0.0 - Update api-ref location - Add openstack server create --boot-from-volume option - Microversion 2.73: Support adding the reason behind a server lock - Aggregate functional test tweak - Bump lower constraint of python-zunclient - Follow-up: fix the invalid releasenote link - Change default security group protocol to 'any' - Followup opendev cleanup and test jobs - OpenDev Migration Patch - Fix link to new opendev repo - Remove token_endpoint auth type - Allow "server migrate" (not live) to take "--host" option - Add 'security_group' type support to network rbac commands - Bump hacking version - Fix: set invalid None project_id on range creation - Stop leaving temp files after unit test runs - Support type=image with --block-device-mapping option - Remove races in floating ip functional tests - Remove deprecated network options - Use cliff formattable columns in volume v1 commands - Fix compute service set handling for 2.53+ - Add changes-before attribute to server list - Use cliff formattable columns in identity commands - Support IPv6 addresses better - Fix service discovery in functional tests - Serialize more aggregate functional tests - Update the constraints url - Add CLI argument tests before making changes - More aggregate functional race chasing - Dropping the py35 testing - Remove deprecated compute commands - Add Python 3 Train unit tests - Blacklist Bandit 1.6.0 due to directory exclusion bug - Remove deprecated identity commands and args - Microversion 2.77: Support Specifying AZ to unshelve - Use cliff formattable columns in object storage commands - Document 2.53 behavior for compute service list/delete - document the --timing option - Add server event command documentation for compute API 2.21 - Update sphinx requirement. - Fix module paths for volumev3 volume backup commands - Make configuration show not require auth - Before writing object data to stdout, re-open it in binary mode - Add doc and relnote for review 639652 - Clean up app initialization and config - Use cliff formattable columns in volume v2 commands - update to version 3.18.0 - Fix missing trailing spaces in network help messages - Add volume backend capability show command - Add metavar for name parameter in subnet create - Modify the help message for 'registered limit set' - image/v2: support multiple property filters - Add note about version 2.5 when listing servers using --ip6 - Add dns-domain support to Network object - Fix broken gate jobs - Fix 'project purge' deleting wrong project's servers and volumes - Support enable/disable uplink status propagation - Allow endpoint filtering on both project and project-domain - Add --key-name and --key-unset option for server rebuild API. - Remove invalid 'unlock-volume' migration arg - Default --nic to 'auto' if creating a server with >= 2.37 - Add monascaclient to `not plugins` list - import zuul job settings from project-config - Add DNS support to floating IP commands - More state handling in volume transfer requests functional tests - Updated the take_actions for unified limits - More volume functional test fixes - Use devstack functional base job - Add --property option to 'server rebuild' command - This fix removes an erroneous underscore found within the function named - Partially Revert "Add command to unset information from Subnet-pools" - API microversion 2.69: Handles Down Cells - Don't display router's is_ha and is_distributed attributes always - trivial: modify spelling error of project - Disabling c-backup service for osc-functional-devstack-tips job - Detailed help message for QoS max-burst-kbps value - Update release note version reference table - Update reno for stable/rocky - Update the Neutron CLI decoder document - Make use of keystoneauth service-type filtering for versions - add python 3.6 unit test job - Deprecate volume create --project and --user options - Trivial: remove commented-out code - Typo fix - Change openstack-dev to openstack-discuss - Remove str() when setting network objects names - Add Python 3.6 classifier to setup.cfg - Replace assertEqual(True/False, expr) with assertTrue/assertFalse - Remove testr.conf as it's been replaced by stestr - Add py36 env - add lib-forward-testing-python3 test job - Fix inconsistency (nit) - osc-included image signing (using openstacksdk) - Update the URL in doc - Add possibility to filter images using member_status - Handle multiple ports in AddFloatingIP - Mention 2.51 in help for openstack server event show - Add osc repo to the base job definition - Add --name-lookup-one-by-one option to server list - switch documentation job to new PTI - Add floating IP filter to floating IP list command - Address issues from volume backend commands - Paginate over usage list to return all usages - Fix tox python3 overrides - Fix i18n issue - Add network segment range command object - Improve document 'openstack complete' - Add volume backup import/export commands - Supports router gateway IP QoS - Add volume backend pool list command - fix multiple server delete produce multiple new lines - Fix some spaces in help messages - Fix: Restore output 'VolumeBackupsRestore' object is not iterable - Fix help message for subnetpool default-quota value - Use os-cloud instead of OS env vars for functional tests - Fix help message of image add project - Handle not having cinderclient.v1 available - Mention compute API 2.50 in openstack quota show --class - Add support for get details of Quota - Add --attached / --detached parameter to volume set - add python 3.7 unit test job - Remove python-ceilometerclient - Use templates for cover and lower-constraints - Add project param in LimitList parser - update to version 3.16.2 - Fix 'project purge' deleting wrong project's servers and volumes - Allow endpoint filtering on both project and project-domain - Handle multiple ports in AddFloatingIP - Default --nic to 'auto' if creating a server with >= 2.37 - update to version 3.16.1 - Update UPPER_CONSTRAINTS_FILE for stable/rocky - Update .gitreview for stable/rocky - import zuul job settings from project-config - Fix broken gate jobs - update to version 3.16.0 - Implement support for registered limits - Prevent "server migrate --wait" from hanging - Pass volume snapshot size to volume create - Update reno for stable/queens - neutron: add --mtu for create/set network - Make osc-functional-devstack-tips actually use tips - Update role document to include system parameter - Imported Translations from Zanata - Format port_details field of Floating IP - Rename python-openstacksdk to openstacksdk - Fix limits show command without Nova and Cinder - Clean up W503 and E402 pep8 errors - Correct application credential usage doc - Use Server.to_dict() rather than Server._info - Support filtering port with IP address substring - Retry floating IP tests - Remove deprecated ip floating commands - Fix volume type functional tests - Display private flavors in server list - Fix server show for microversion 2.47 - compute: host: expand kwargs in host_set() call - Zuul: Remove project name - Add release note link in README - Fix docs from I0dc80bee3ba6ff4ec8cc3fc113b6de7807e0bf2a - Add support for endpoint group commands - Fix crashing "console log show" - Add project tags functionality - Fix additional output encoding issues - Add ability to filter image list by tag - Replace pbr autodoc with sphinxcontrib-apidoc - Add help for nova interface-list to decoder - Slow down and retry aggregate create/delete to lessen race - Add --image-property parameter in 'server create' - Change bug url to a correct one - Add support for "--dns-domain" argument - Add cliff project link - Update command test for volume.v3 - Fix the `role implies list` command. - Add command to show all service versions - compute: limit the service's force down command above 2.10 - Update help text for encryption provider - Update links in README - Trivial: Update pypi url to new url - Add system role functionality - Remove duplicated network attributes - Fix tox -e venv -- reno new - Implement support for project limits - Add bgp commands to neutron decoder - Add support to list image members - Release note cleanup for 3.16.0 release - Allow setting network-segment on subnet update - Use find_ip from openstacksdk - Network: Add tag support for security group - Skip calls to glance and nova when got no servers - Network: Add tag support for floating ip - Fix typo in 'floating ip associate' command and doc - Fix functional job failed - Cleanup error messages on failure - Don't sent disk_over_commit if nova api > 2.24 - Add CRUD support for application credentials - Optimize _prep_server_detail to avoid redundant find_resource - Fix error with image show when image name is None - Make max_burst_kbps option as optional for bw limit QoS rule - Fix subnet host_routes error - add lower-constraints job - Re-implement novaclient bits removed in 10.0 - Adding api_version to FakeApp - Make functional-tips job voting - Do not require port argument when updating floating IP - Support --community in openstack image list - Fix lower-constraints.txt - Compute: Add description support for flavor - Updated from global requirements - Make Profile fallback go bye-bye - Fix urls in README.rst This update for python-openstackdocstheme the following issues: - update to version 2.0.2 (bsc#1191205): * [ussuri][goal] Drop python 2.7 support and testing This update for python-oslo.context the following issues: - update to 3.0.2 (bsc#1191205): * Update hacking for Python3 * Filter out auth\_token\_info from logging values * trivial: Cleanup tox.ini * remove outdated header * reword releasenote for py27 support dropping * Drop python 2.7 support and testing * tox: Trivial cleanup * tox: Trivial cleanup * Bump the openstackdocstheme extension to 1.20 * gitignore: Hide reno cache files * tox: Stop using 'python setup.py test' * Switch to Ussuri jobs * tox: Keeping going with docs * Switch to Ussuri jobs * Update the constraints url * Update master for stable/train * Add Python 3 Train unit tests * Cap Bandit below 1.6.0 and update Sphinx requirement * Replace git.openstack.org URLs with opendev.org URLs * OpenDev Migration Patch * Dropping the py35 testing * Update master for stable/stein * add python 3.7 unit test job * Update hacking version * Use template for lower-constraints * Update mailinglist from dev to discuss * Implement domain-scope for context objects * Clean up .gitignore references to personal tools * Always build universal wheels * add lib-forward-testing-python3 test job * add python 3.6 unit test job * import zuul job settings from project-config * import zuul job settings from project-config * Update reno for stable/rocky * Switch to stestr * Add release notes link to README * fix tox python3 overrides * Implement system-scope * Remove stale pip-missing-reqs tox test * Trivial: Update pypi url to new url * Switch pep8 job to python 3 * add lower-constraints job * pypy not checked at gate * Updated from global requirements * Update links in README * Add -W for document build * Update reno for stable/queens * Updated from global requirements This update for python-oslosphinx the following issues: - switch to stable/ussuri spec template (bsc#1191205) This update for python-reno the following issues: - update to version 3.0.1 (bsc#1191205) * Add python 3.6 unit test job * Update the min version of tox to 2.0 * Switch to use stestr for unit test * Update sphinx extension logging * only override config values from command line if they are actually set * refactor handling of missing config files for better testing * update test fixtures to capture log output * build universal wheels * update the oudated URL in doc * sphinxext: Use unicode\_literals * Use unicode for debug string * link to the europython 2018 presentation about reno * build our docs with the lower-constraints * update sphinx to at least 1.6.1 * move sphinx flags to tox.ini * add lower-constraints tox environment and job * Migrate the link of bug report button to storyboard * Allow tags prefixed with v in default regex * move package publishing template back to project-config * fix documentation project template * Fix traceback when no args are passed to reno * sphinxext: Use 'sphinx.util.logging' * switch doc and pypi jobs to use python3 * import zuul job settings from project-config * fix tox python3 overrides * report line numbers for generated content more accurately * tests: Use mock decorator instead of context manager * preserve the order of tags when reading the cache file * include the branch name in anchors to make them more unique * report when loading data from the cache file * Streamline published release notes * Collapse Unreleased and Mainline sections * Make section titles have stable anchor links * Integrate a setuptools command * Enhance the travis hack * add unreleased\_version\_title configuration option * Add usage with travis CI to docs * cleanups for dev workflow descriptions * doc: Note development workflows supported by reno * update bug report URLs to use storyboard * Update links in 'README' * Update url in 'HACKING.rst' * trivial change to contributing instructions Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-689=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-689=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-openstackclient-5.2.0-8.3.2 python3-oslo.context-3.0.2-9.3.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-openstackclient-5.2.0-8.3.2 python3-oslo.context-3.0.2-9.3.2 References: https://bugzilla.suse.com/1191205 From sle-updates at lists.suse.com Thu Mar 3 13:42:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:42:32 +0100 (CET) Subject: SUSE-RU-2022:0687-1: moderate: Recommended update for libvirt Message-ID: <20220303134232.79D67F37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0687-1 Rating: moderate References: #1191668 #1192119 SLE-23394 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for libvirt fixes the following issues: - libxl: Mark auto-allocated graphics ports to used on reconnect. - libxl: Release all auto-allocated graphics ports. (bsc#1191668) - libxl: Add lock process indicator to saved VM state. (bsc#1191668) - spec: Weaken apparmor-abstractions dependency to Recommends. (bsc#1192119, jsc#SLE-23394) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-687=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-687=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-687=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-7.1.0-150300.6.26.1 libvirt-admin-7.1.0-150300.6.26.1 libvirt-admin-debuginfo-7.1.0-150300.6.26.1 libvirt-client-7.1.0-150300.6.26.1 libvirt-client-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-7.1.0-150300.6.26.1 libvirt-daemon-config-network-7.1.0-150300.6.26.1 libvirt-daemon-config-nwfilter-7.1.0-150300.6.26.1 libvirt-daemon-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-interface-7.1.0-150300.6.26.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-lxc-7.1.0-150300.6.26.1 libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-network-7.1.0-150300.6.26.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.26.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.26.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.26.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-secret-7.1.0-150300.6.26.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-hooks-7.1.0-150300.6.26.1 libvirt-daemon-lxc-7.1.0-150300.6.26.1 libvirt-daemon-qemu-7.1.0-150300.6.26.1 libvirt-debugsource-7.1.0-150300.6.26.1 libvirt-devel-7.1.0-150300.6.26.1 libvirt-lock-sanlock-7.1.0-150300.6.26.1 libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.26.1 libvirt-nss-7.1.0-150300.6.26.1 libvirt-nss-debuginfo-7.1.0-150300.6.26.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.26.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): libvirt-bash-completion-7.1.0-150300.6.26.1 libvirt-doc-7.1.0-150300.6.26.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): libvirt-daemon-driver-libxl-7.1.0-150300.6.26.1 libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-xen-7.1.0-150300.6.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-7.1.0-150300.6.26.1 libvirt-libs-7.1.0-150300.6.26.1 libvirt-libs-debuginfo-7.1.0-150300.6.26.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libvirt-daemon-7.1.0-150300.6.26.1 libvirt-daemon-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-interface-7.1.0-150300.6.26.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-network-7.1.0-150300.6.26.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.26.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.26.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.26.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-secret-7.1.0-150300.6.26.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.26.1 libvirt-daemon-qemu-7.1.0-150300.6.26.1 libvirt-debugsource-7.1.0-150300.6.26.1 libvirt-libs-7.1.0-150300.6.26.1 libvirt-libs-debuginfo-7.1.0-150300.6.26.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.26.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.26.1 References: https://bugzilla.suse.com/1191668 https://bugzilla.suse.com/1192119 From sle-updates at lists.suse.com Thu Mar 3 13:44:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:44:00 +0100 (CET) Subject: SUSE-RU-2022:0683-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <20220303134400.55868F37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0683-1 Rating: critical References: #1196146 #1196305 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Update -addon-azure to 1.0.2 (bsc#1196305) - Fix regression in the cloud-regionsrv-client' with OnDemand images - Update -plugin-azure to 2.0.0 (bsc#1196146) - Lower case the region hint to reduce issues with Azure region name case inconsistencies Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-683=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-683=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-10.0.0-52.69.1 cloud-regionsrv-client-addon-azure-1.0.2-52.69.1 cloud-regionsrv-client-generic-config-1.0.0-52.69.1 cloud-regionsrv-client-plugin-azure-2.0.0-52.69.1 cloud-regionsrv-client-plugin-ec2-1.0.2-52.69.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.69.1 References: https://bugzilla.suse.com/1196146 https://bugzilla.suse.com/1196305 From sle-updates at lists.suse.com Thu Mar 3 13:44:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:44:39 +0100 (CET) Subject: SUSE-RU-2022:0680-1: important: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <20220303134439.E7BAAF37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0680-1 Rating: important References: #1195095 #1195096 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-680=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): supportutils-plugin-suse-public-cloud-1.0.6-6.13.1 References: https://bugzilla.suse.com/1195095 https://bugzilla.suse.com/1195096 From sle-updates at lists.suse.com Thu Mar 3 13:46:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:46:52 +0100 (CET) Subject: SUSE-RU-2022:0688-1: moderate: Recommended update for monitoring-plugins Message-ID: <20220303134652.5C9E2F37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for monitoring-plugins ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0688-1 Rating: moderate References: #1047218 #1114483 #1132350 #1132903 #1133107 #1191011 #914486 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for monitoring-plugins fixes the following issues: - Reverting patch for the problem, if you get more than 64K on stdout - recommend syslog for monitoring-plugins-log, as people probably want to analize logs generated by (r)syslog or journald check_snmp will segfaults at line 489 if number of lines returned by SNMPD is greater than number of defined thresholds -> https://github.com/monitoring-plugins/monitoring-plugins/pull/1589 When the MIBs are not quite right, snmpget outputs lots of errors on STDERR before getting down to business. If this is enough to fill the pipe buffer, snmpget hangs waiting for it to be cleared, which it never will be because check_snmp is waiting for snmpget to output something on STDOUT. This simple fix from s2156945 for this is to read STDERR before STDOUT. cmd_run_array from utils_cmd.c is also used by plugins/check_by_ssh and plugins/negate but you're likely to get lots of errors or lots of output, not both at the same time. The real fix is probably to do a select() and read from both as they come in. https://github.com/monitoring-plugins/monitoring-plugins/issues/1706 feature enhancement for check_dhcp, which allows to detect rogue DHCP servers. Use it with the "-x" flag provided by op5, mainly around RFC 4253:4.2 and 4253:5 + fixing a few typos + properly parse a (delayed) version control string + Handle non-alpha software versions reported by the checked service - Remove unneeded BuildRequires on python-devel (bsc#1191011) - Call gettextize with --no-changelog to make package build reproducible (bsc#1047218) - Update to 2.3.1: Enhancements * check_curl: Add an option to verify the peer certificate and host using the system CA's Fixes * check_curl: fixed help, usage and errors for TLS 1.3 * check_curl: fixed a potential buffer overflow in url buffer * check_dns: split multiple IP addresses passed in one -a argument * check_curl: added string_statuscode function for printing HTTP/1.1 and HTTP/2 correctly * check_curl: fix crash if http header contains leading spaces * check_curl: display a specific human-readable error message where possible * check_pgsql: Using snprintf which honors the buffers size and guarantees null termination. * check_snmp: put the "c" (to mark a counter) after the perfdata value * check_http: Increase regexp limit * check_http: make -C obvious * check_curl: Increase regexp limit (to 1024 as in check_http) * check_curl: make -C obvious (from check_http) - add sha1 checksum file as source - Update to 2.3 (final): Enhancements * check_dns: allow 'expected address' (-a) to be specified in CIDR notation (IPv4 only). * check_dns: allow for IPv6 RDNS * check_dns: Accept CIDR * check_dns: allow unsorted addresses * check_dns: allow forcing complete match of all addresses * check_apt: add --only-critical switch * check_apt: add -l/--list option to print packages * check_file_age: add range checking * check_file_age: enable to test for maximum file size * check_apt: adding packages-warning option * check_load: Adding top consuming processes option * check_http: Adding Proxy-Authorization and extra headers * check_snmp: make calcualtion of timeout value in help output more clear * check_uptime: new plugin for checking uptime to see how long the system is running * check_curl: check_http replacement based on libcurl * check_http: Allow user to specify HTTP method after proxy CONNECT * check_http: Add new flag --show-body/-B to print body * check_cluster: Added data argument validation * check_icmp: Add IPv6 support * check_icmp: Automatically detect IP protocol * check_icmp: emit error if multiple protocol version * check_disk: add support to display inodes usage in perfdata * check_hpjd: Added -D option to disable warning on 'out of paper' * check_http: support the --show-body/-B flag when --expect is used * check_mysql: allow mariadbclient to be used * check_tcp: add --sni * check_dns: detect unreachable dns service in nslookup output Fixes * Fix regression where check_dhcp was rereading response in a tight loop * check_dns: fix error detection on sles nslookup * check_disk_smb: fix timeout issue * check_swap: repaired -n behaviour * check_icmp: Correctly set address_family on lookup * check_icmp: Do not overwrite -4,-6 on lookup * check_smtp: initializes n before it is used * check_dns: fix typo in parameter description * check_by_ssh: fix child process leak on timeouts * check_mysql: Allow sockets to be specified to -H * check_procs: improve command examples for 'at least' processes * check_disk: include -P switch in help * check_mailq: restore accidentially removed options - return ntp offset absolute (as positive value) in performance data since warn and crit are also positive values - change version to 2.3~alpha.$date.$commit update to current git as of 20200520T233014.cadac85e changes summarized * detect unreachable dns service in nslookup output * check_curl: host_name may be null * update test parameter according to check_http * check_curl: use CURLOPT_RESOLVE to fix connecting to the right ip * workaround for issue #1550 - better use "ping -4" instead of "ping" if supported * Use size_t instead of int when calling sysctl(3) * check_tcp: add --sni * Fix timeout_interval declarations * check_curl: NSS, parse more date formats from certificate (in -C cert check) * check_curl: more tolerant CN= parsing when checking certificates (hit on Centos 8) * setting no_body to TRUE when we have a HEAD request * some LIBCURL_VERSION checks around HTTP/2 feature * added --http-version option to check_curl to choose HTTP * improved curlhelp_parse_statusline to handle both HTTP/1.x and HTTP/2 * check_curl: updates embedded picohttpparser to newest git version * setting progname of check_curl plugin to check_curl (at least for now) * Allow mariadbclient to be used for check_mysql * fix maxfd being zero * include -P switch in help * check_swap: repaired "-n" behaviour * improve command examples for 'at least' processes * check_mysql: Allow sockets to be specified to -H * Adding packages-warning option to check_apt plugin * Adding print top consuming processes option to check_load * check_snmp: make calcualtion of timeout value in help output more clear * [check_disk] add support to display inodes usage in perfdata * check_by_ssh: fix child process leak on timeouts * check_icmp: Add IPv6 support * check_dns: fix typo in parameter description * Also support the --show-body/-B flag when --expect is used * check_dns: improve support for checking multiple addresses * check_hpjd: Added -D option to disable warning on 'out of paper' * check_icmp: Do not overwrite -4,-6 on lookup * check_icmp: emit error if multiple protocol version * check_icmp: move opts string into a variable * check_cluster.c: Added data argument validation. * check_icmp: Correctly set address_family on lookup * check_icmp: process protocol version args first * check_icmp: Add IPv6 support - add new subpackage monitoring-plugins-uptime - 'monitoring-plugins-mysql' should also provide 'monitoring-plugins-mysql_query' - Provide/Obsolete nagios-plugins in old version for better compatibility and to allow dist upgrade (bsc#1114483) - Checnking only for suse_version >= 1500 sle12/leap42 ping does not know the -4 parameter (bsc#1132903) - update AppArmor profiles for usrMerge (related to bsc#1132350) - update 'usr.lib.nagios.plugins.check_procs' again for >= sle15 case so that ptrace is allowed (bsc#1133107) - add /etc/nrpe.d/*.cfg snipplets for + nrpe-check_load => check_load + nrpe-check_mailq => check_mailq + nrpe-check_ntp_time => check_ntp_time + nrpe-check_swap => check_swap + nrpe-check_total_procs => check_procs + nrpe-check_zombie_procs => check_procs + nrpe-check_users => check_users + nrpe-check_mysql => check_mysql + nrpe-check_proc_cron => check_procs + nrpe-check_partition => check_disk + nrpe-check_ups => check_ups - use %%license macro on newer versions - copy usr.lib.nagios.plugins.check_procs as usr.lib.nagios.plugins.check_procs.sle15 and use that for sle15 and above. "ptrace" to enable ptrace globally is needed here. - Fix build with MariaDB 10.2 (in our case the build with libmariadb library from the mariadb-connector-c package) - replace "ptrace" with "capability sys_ptrace" in usr.lib.nagios.plugins.check_procs apparmor profile to avoid errors on SLE-11 - add "ptrace" to usr.lib.nagios.plugins.check_procs apparmor profile - Remove unused gnutls from buildrequires - Replace %__-type macro indirections. Drop %clean, replace -exec \; by -exec +. - disable requires for apparmor on non-suse for now - adapt buildrequires for centos - enclose all permissions handling with if suse_version - wrap recommends with if suse_version - disable radius check (no freeradius-client-devel rpm found) - update to 2.2: Enhancements + The check_http -S/--ssl option now accepts the arguments 1.1 and 1.2 to force TLSv1.1 and TLSv1.2 connections, respectively + The check_http -S/--ssl option now allows for specifying the desired protocol with a + suffix to also accept newer versions + Let check_http check HTTPS web sites via proxies + check_http: add timeout to performance data as max value + check_http: report certificate expiry date in UTC + check_snmp: add IPv6 support + check_snmp's performance data now also includes warning/ critical thresholds + New check_snmp -N option to specify SNMPv3 context name + Let check_smtp's -D option imply -S + Let check_smtp's -e option match against the full SMTP response + check_dig: expected response is now case-insensitive + New check_mailq -s option which tells the plugin to use sudo(8) + New check_nt -l parameters: seconds|minutes|hours|days + New -W/-C option for check_ldap to check number of entries + check_users: add support for range thresholds + check_fping now auto-detects IPv6 addresses + check_radius now supports the radcli library + Support OpenSSL 1.1 Fixes + check_http: fix host header port handling + Let check_real terminate lines with CRLF when talking to the server, as mandated by RFC 2326 + Fix check_procs on HP-UX + check_smtp's -e/--expect option can now be combined with -S/--starttls + Fix incorrect performance data thresholds emitted by check_ups + Don't let check_procs miss some processes on busy Solaris systems Warnings + The format of the performance data emitted by check_mrtgtraf has been changed to comply with the development guidelines + check_ssh now returns CRITICAL for protocol/version errors + If a plugin is invoked with -h/--help or -V/--version, the exit status is now UNKNOWN + The superseeded check_ntp.pl was removed, please use check_ntp_peer or check_ntp_time instead - usr.lib.nagios.plugins.check_disk: include abstractions/nameservice to be able to check nfs mounts - update to 2.1.2: ENHANCEMENTS + check_snmp's performance data now also includes warning/critical thresholds + New check_snmp "-N" option to specify SNMPv3 context name + New check_nt "-l" parameters: seconds|minutes|hours|days + New check_mailq -s option which tells the plugin to use sudo(8) + New -W/-C option for check_ldap to check number of entries (Gerhard Lausser) + The check_http -S/--ssl option now accepts the arguments "1.1" and "1.2" to force TLSv1.1 and TLSv1.2 connections, respectively + The check_http -S/--ssl option now allows for specifying the desired protocol with a "+" suffix to also accept newer versions FIXES + Let check_real terminate lines with CRLF when talking to the server, as mandated by 2326 + Fix check_procs on HP-UX + check_smtp's -e/--expect option can now be combined with -S/--starttls + Fix incorrect performance data thresholds emitted by check_ups WARNINGS + The format of the performance data emitted by check_mrtgtraf has been changed to comply with the development guidelines + check_ssh now returns CRITICAL for protocol/version errors + If a plugin is invoked with -h/--help or -V/--version, the exit status is now UNKNOWN + The superseded check_ntp.pl was removed, please use check_ntp_peer or check_ntp_time instead - fix wrong requires for monitoring-plugins-dbi* packages (fixes bnc #914486) - add a note about permissions for the extra-opts file in README - use the check_ircd script as submitted via GitHub - update to 2.1.1: FIXES + Fix check_ntp's jitter checking + Fix check_ntp's handling of invalid server responses + Fix check_apt's handling of invalid regular expressions + Fix check_real's server response processing + Fix backslash escaping in check_tcp's --help output + Fix check_jabber to work with Openfire servers + Fix check_oracle bad string matching when testing TNS server + Fixed check_ifstatus performance data output + Fixed expire time output for sslutils + check_dns now verifies if the answer is returning from the queried server + Fix check_by_ssh to accept --hostname as argument ENHANCEMENTS + New check_hpjd -p option for port specification (abrist) + New ./configure --with-qmail-qstat-command option to specify the path to qmail-qstat(8) + New check_ifstatus -n option to ignore interfaces by name + check_ntp_peer has now specific state output for each metric + New check_mysql -n option to ignore authentication failures + Added IP and port or socket name to error messages + New check_ntp_time -o option to add expected offset + check_disk shows now troubled partions in verbose mode + check_dig has now support for drill and dig + check_dig has now support for -6 option + Add performance data to check_file_age - ran spec-cleaner - require portmap on older distributions for building instead of rpcbind - newer openSUSE versions use rsyslog: require virtual syslog package for build - remove nagios-devel from BuildRequires Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-688=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-688=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-688=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-688=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-688=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-688=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-688=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-688=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-688=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-688=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-688=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-688=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-sensors-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-sensors-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE OpenStack Cloud 9 (x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-sensors-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE OpenStack Cloud 8 (x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-sensors-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-sensors-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-sensors-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): monitoring-plugins-sensors-2.3.1-4.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le x86_64): monitoring-plugins-sensors-2.3.1-4.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le x86_64): monitoring-plugins-sensors-2.3.1-4.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-sensors-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-sensors-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 - HPE Helion Openstack 8 (x86_64): monitoring-plugins-all-2.3.1-4.6.1 monitoring-plugins-by_ssh-2.3.1-4.6.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-cluster-2.3.1-4.6.1 monitoring-plugins-cluster-debuginfo-2.3.1-4.6.1 monitoring-plugins-common-2.3.1-4.6.1 monitoring-plugins-common-debuginfo-2.3.1-4.6.1 monitoring-plugins-cups-2.3.1-4.6.1 monitoring-plugins-dbi-2.3.1-4.6.1 monitoring-plugins-dbi-debuginfo-2.3.1-4.6.1 monitoring-plugins-dbi-mysql-2.3.1-4.6.1 monitoring-plugins-dbi-pgsql-2.3.1-4.6.1 monitoring-plugins-dbi-sqlite3-2.3.1-4.6.1 monitoring-plugins-debugsource-2.3.1-4.6.1 monitoring-plugins-dhcp-2.3.1-4.6.1 monitoring-plugins-dhcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-dig-2.3.1-4.6.1 monitoring-plugins-dig-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk-2.3.1-4.6.1 monitoring-plugins-disk-debuginfo-2.3.1-4.6.1 monitoring-plugins-disk_smb-2.3.1-4.6.1 monitoring-plugins-dns-2.3.1-4.6.1 monitoring-plugins-dns-debuginfo-2.3.1-4.6.1 monitoring-plugins-dummy-2.3.1-4.6.1 monitoring-plugins-dummy-debuginfo-2.3.1-4.6.1 monitoring-plugins-extras-2.3.1-4.6.1 monitoring-plugins-file_age-2.3.1-4.6.1 monitoring-plugins-fping-2.3.1-4.6.1 monitoring-plugins-fping-debuginfo-2.3.1-4.6.1 monitoring-plugins-hpjd-2.3.1-4.6.1 monitoring-plugins-hpjd-debuginfo-2.3.1-4.6.1 monitoring-plugins-http-2.3.1-4.6.1 monitoring-plugins-http-debuginfo-2.3.1-4.6.1 monitoring-plugins-icmp-2.3.1-4.6.1 monitoring-plugins-icmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ifoperstatus-2.3.1-4.6.1 monitoring-plugins-ifstatus-2.3.1-4.6.1 monitoring-plugins-ircd-2.3.1-4.6.1 monitoring-plugins-ldap-2.3.1-4.6.1 monitoring-plugins-ldap-debuginfo-2.3.1-4.6.1 monitoring-plugins-load-2.3.1-4.6.1 monitoring-plugins-load-debuginfo-2.3.1-4.6.1 monitoring-plugins-log-2.3.1-4.6.1 monitoring-plugins-mailq-2.3.1-4.6.1 monitoring-plugins-mrtg-2.3.1-4.6.1 monitoring-plugins-mrtg-debuginfo-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-2.3.1-4.6.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-4.6.1 monitoring-plugins-mysql-2.3.1-4.6.1 monitoring-plugins-mysql-debuginfo-2.3.1-4.6.1 monitoring-plugins-nt-2.3.1-4.6.1 monitoring-plugins-nt-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_peer-2.3.1-4.6.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-4.6.1 monitoring-plugins-ntp_time-2.3.1-4.6.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-4.6.1 monitoring-plugins-nwstat-2.3.1-4.6.1 monitoring-plugins-nwstat-debuginfo-2.3.1-4.6.1 monitoring-plugins-oracle-2.3.1-4.6.1 monitoring-plugins-overcr-2.3.1-4.6.1 monitoring-plugins-overcr-debuginfo-2.3.1-4.6.1 monitoring-plugins-pgsql-2.3.1-4.6.1 monitoring-plugins-pgsql-debuginfo-2.3.1-4.6.1 monitoring-plugins-ping-2.3.1-4.6.1 monitoring-plugins-ping-debuginfo-2.3.1-4.6.1 monitoring-plugins-procs-2.3.1-4.6.1 monitoring-plugins-procs-debuginfo-2.3.1-4.6.1 monitoring-plugins-radius-2.3.1-4.6.1 monitoring-plugins-radius-debuginfo-2.3.1-4.6.1 monitoring-plugins-real-2.3.1-4.6.1 monitoring-plugins-real-debuginfo-2.3.1-4.6.1 monitoring-plugins-rpc-2.3.1-4.6.1 monitoring-plugins-sensors-2.3.1-4.6.1 monitoring-plugins-smtp-2.3.1-4.6.1 monitoring-plugins-smtp-debuginfo-2.3.1-4.6.1 monitoring-plugins-snmp-2.3.1-4.6.1 monitoring-plugins-snmp-debuginfo-2.3.1-4.6.1 monitoring-plugins-ssh-2.3.1-4.6.1 monitoring-plugins-ssh-debuginfo-2.3.1-4.6.1 monitoring-plugins-swap-2.3.1-4.6.1 monitoring-plugins-swap-debuginfo-2.3.1-4.6.1 monitoring-plugins-tcp-2.3.1-4.6.1 monitoring-plugins-tcp-debuginfo-2.3.1-4.6.1 monitoring-plugins-time-2.3.1-4.6.1 monitoring-plugins-time-debuginfo-2.3.1-4.6.1 monitoring-plugins-ups-2.3.1-4.6.1 monitoring-plugins-ups-debuginfo-2.3.1-4.6.1 monitoring-plugins-users-2.3.1-4.6.1 monitoring-plugins-users-debuginfo-2.3.1-4.6.1 monitoring-plugins-wave-2.3.1-4.6.1 References: https://bugzilla.suse.com/1047218 https://bugzilla.suse.com/1114483 https://bugzilla.suse.com/1132350 https://bugzilla.suse.com/1132903 https://bugzilla.suse.com/1133107 https://bugzilla.suse.com/1191011 https://bugzilla.suse.com/914486 From sle-updates at lists.suse.com Thu Mar 3 13:48:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:48:51 +0100 (CET) Subject: SUSE-RU-2022:0682-1: important: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <20220303134851.D22C7F37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0682-1 Rating: important References: #1195095 #1195096 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-682=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-682=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-682=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 References: https://bugzilla.suse.com/1195095 https://bugzilla.suse.com/1195096 From sle-updates at lists.suse.com Thu Mar 3 13:49:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 14:49:37 +0100 (CET) Subject: SUSE-RU-2022:0681-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <20220303134937.1CA11F37C@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0681-1 Rating: critical References: #1195414 #1195564 #1196305 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Update -addon-azure to 1.0.2 (bsc#1196305) - Fix regression in the cloud-regionsrv-client' with OnDemand images - Update to version 10.0.0 (bsc#1195414, bsc#1195564) - Refactor removes check_registration() function in utils implementation - Only start the registration service for PAYG images - addon-azure sub-package to version 1.0.1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-681=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-681=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-681=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-681=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-681=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): cloud-regionsrv-client-10.0.0-6.62.1 cloud-regionsrv-client-addon-azure-1.0.2-6.62.1 cloud-regionsrv-client-generic-config-1.0.0-6.62.1 cloud-regionsrv-client-plugin-azure-2.0.0-6.62.1 cloud-regionsrv-client-plugin-ec2-1.0.2-6.62.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.62.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-10.0.0-6.62.1 cloud-regionsrv-client-addon-azure-1.0.2-6.62.1 cloud-regionsrv-client-generic-config-1.0.0-6.62.1 cloud-regionsrv-client-plugin-azure-2.0.0-6.62.1 cloud-regionsrv-client-plugin-ec2-1.0.2-6.62.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.62.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-10.0.0-6.62.1 cloud-regionsrv-client-addon-azure-1.0.2-6.62.1 cloud-regionsrv-client-generic-config-1.0.0-6.62.1 cloud-regionsrv-client-plugin-azure-2.0.0-6.62.1 cloud-regionsrv-client-plugin-ec2-1.0.2-6.62.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.62.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-10.0.0-6.62.1 cloud-regionsrv-client-generic-config-1.0.0-6.62.1 cloud-regionsrv-client-plugin-azure-2.0.0-6.62.1 cloud-regionsrv-client-plugin-ec2-1.0.2-6.62.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.62.1 References: https://bugzilla.suse.com/1195414 https://bugzilla.suse.com/1195564 https://bugzilla.suse.com/1196305 From sle-updates at lists.suse.com Thu Mar 3 17:18:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 18:18:15 +0100 (CET) Subject: SUSE-SU-2022:0690-1: important: Security update for webkit2gtk3 Message-ID: <20220303171815.13A2BF37C@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0690-1 Rating: important References: #1195064 #1195735 Cross-References: CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVSS scores: CVE-2021-30934 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30934 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30936 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30936 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30951 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30951 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30952 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30952 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30953 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30953 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30954 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30954 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30984 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30984 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-45481 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45482 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45483 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-22589 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVE-2022-22590 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-22592 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-22594 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-690=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-690=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-690=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-690=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-690=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-690=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-690=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-690=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-690=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-690=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-690=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-690=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-690=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 webkit2gtk3-devel-2.34.5-2.85.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 webkit2gtk3-devel-2.34.5-2.85.3 - HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.5-2.85.3 libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3 libwebkit2gtk-4_0-37-2.34.5-2.85.3 libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3 typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2-4_0-2.34.5-2.85.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3 webkit2gtk3-debugsource-2.34.5-2.85.3 - HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.34.5-2.85.3 References: https://www.suse.com/security/cve/CVE-2021-30934.html https://www.suse.com/security/cve/CVE-2021-30936.html https://www.suse.com/security/cve/CVE-2021-30951.html https://www.suse.com/security/cve/CVE-2021-30952.html https://www.suse.com/security/cve/CVE-2021-30953.html https://www.suse.com/security/cve/CVE-2021-30954.html https://www.suse.com/security/cve/CVE-2021-30984.html https://www.suse.com/security/cve/CVE-2021-45481.html https://www.suse.com/security/cve/CVE-2021-45482.html https://www.suse.com/security/cve/CVE-2021-45483.html https://www.suse.com/security/cve/CVE-2022-22589.html https://www.suse.com/security/cve/CVE-2022-22590.html https://www.suse.com/security/cve/CVE-2022-22592.html https://www.suse.com/security/cve/CVE-2022-22594.html https://bugzilla.suse.com/1195064 https://bugzilla.suse.com/1195735 From sle-updates at lists.suse.com Thu Mar 3 20:17:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:17:39 +0100 (CET) Subject: SUSE-SU-2022:0698-1: important: Security update for expat Message-ID: <20220303201739.91478F37C@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0698-1 Rating: important References: #1196025 #1196026 #1196168 #1196169 #1196171 Cross-References: CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVSS scores: CVE-2022-25235 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25235 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25236 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25236 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25313 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-25313 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-25314 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25314 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25315 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25315 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-698=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-698=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-698=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-698=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-698=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-698=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-698=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-698=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-698=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-698=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-698=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-698=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-698=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debuginfo-32bit-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debuginfo-32bit-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE OpenStack Cloud 9 (x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debuginfo-32bit-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE OpenStack Cloud 8 (x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debuginfo-32bit-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): expat-debuginfo-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat-devel-2.1.0-21.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): expat-debuginfo-32bit-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): expat-debuginfo-32bit-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debuginfo-32bit-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debuginfo-32bit-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 - HPE Helion Openstack 8 (x86_64): expat-2.1.0-21.18.1 expat-debuginfo-2.1.0-21.18.1 expat-debuginfo-32bit-2.1.0-21.18.1 expat-debugsource-2.1.0-21.18.1 libexpat1-2.1.0-21.18.1 libexpat1-32bit-2.1.0-21.18.1 libexpat1-debuginfo-2.1.0-21.18.1 libexpat1-debuginfo-32bit-2.1.0-21.18.1 References: https://www.suse.com/security/cve/CVE-2022-25235.html https://www.suse.com/security/cve/CVE-2022-25236.html https://www.suse.com/security/cve/CVE-2022-25313.html https://www.suse.com/security/cve/CVE-2022-25314.html https://www.suse.com/security/cve/CVE-2022-25315.html https://bugzilla.suse.com/1196025 https://bugzilla.suse.com/1196026 https://bugzilla.suse.com/1196168 https://bugzilla.suse.com/1196169 https://bugzilla.suse.com/1196171 From sle-updates at lists.suse.com Thu Mar 3 20:19:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:19:08 +0100 (CET) Subject: SUSE-RU-2022:0700-1: moderate: Recommended update for postgresql13 Message-ID: <20220303201908.3B745F37E@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0700-1 Rating: moderate References: #1190740 #1195680 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql13 fixes the following issues: - Upgrade to 13.6: (bsc#1195680) * https://www.postgresql.org/docs/13/release-13-6.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-700=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-700=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-debugsource-13.6-3.18.1 postgresql13-devel-13.6-3.18.1 postgresql13-devel-debuginfo-13.6-3.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql13-server-devel-13.6-3.18.1 postgresql13-server-devel-debuginfo-13.6-3.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-13.6-3.18.1 postgresql13-contrib-13.6-3.18.1 postgresql13-contrib-debuginfo-13.6-3.18.1 postgresql13-debuginfo-13.6-3.18.1 postgresql13-debugsource-13.6-3.18.1 postgresql13-plperl-13.6-3.18.1 postgresql13-plperl-debuginfo-13.6-3.18.1 postgresql13-plpython-13.6-3.18.1 postgresql13-plpython-debuginfo-13.6-3.18.1 postgresql13-pltcl-13.6-3.18.1 postgresql13-pltcl-debuginfo-13.6-3.18.1 postgresql13-server-13.6-3.18.1 postgresql13-server-debuginfo-13.6-3.18.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql13-docs-13.6-3.18.1 References: https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Thu Mar 3 20:19:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:19:57 +0100 (CET) Subject: SUSE-RU-2022:0692-1: moderate: Recommended update for filesystem Message-ID: <20220303201957.5C3C4F37E@maintenance.suse.de> SUSE Recommended Update: Recommended update for filesystem ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0692-1 Rating: moderate References: #1190447 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-692=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-692=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-692=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-692=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-692=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-692=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-692=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-692=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-692=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-692=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-692=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-692=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-692=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-692=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-692=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-692=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-692=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-692=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-692=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-692=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-692=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-692=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): filesystem-15.0-11.5.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): filesystem-15.0-11.5.1 - SUSE Manager Proxy 4.1 (x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): filesystem-15.0-11.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): filesystem-15.0-11.5.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): filesystem-15.0-11.5.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): filesystem-15.0-11.5.1 - SUSE CaaS Platform 4.0 (x86_64): filesystem-15.0-11.5.1 References: https://bugzilla.suse.com/1190447 From sle-updates at lists.suse.com Thu Mar 3 20:20:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:20:45 +0100 (CET) Subject: SUSE-SU-2022:0693-1: important: Security update for cyrus-sasl Message-ID: <20220303202045.A263CF37E@maintenance.suse.de> SUSE Security Update: Security update for cyrus-sasl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0693-1 Rating: important References: #1196036 Cross-References: CVE-2022-24407 CVSS scores: CVE-2022-24407 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-693=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-693=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-693=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-693=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-693=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-693=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-693=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): cyrus-sasl-2.1.26-14.5.1 cyrus-sasl-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-2.1.26-14.5.1 cyrus-sasl-crammd5-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-debuginfo-2.1.26-14.5.1 cyrus-sasl-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-debugsource-2.1.26-14.5.1 cyrus-sasl-digestmd5-2.1.26-14.5.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-gssapi-2.1.26-14.5.1 cyrus-sasl-gssapi-32bit-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-otp-2.1.26-14.5.1 cyrus-sasl-otp-32bit-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-plain-2.1.26-14.5.1 cyrus-sasl-plain-32bit-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-saslauthd-2.1.26-14.5.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-14.5.1 cyrus-sasl-saslauthd-debugsource-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-32bit-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-32bit-2.1.26-14.5.1 libsasl2-3-2.1.26-14.5.1 libsasl2-3-32bit-2.1.26-14.5.1 libsasl2-3-debuginfo-2.1.26-14.5.1 libsasl2-3-debuginfo-32bit-2.1.26-14.5.1 - SUSE OpenStack Cloud 9 (x86_64): cyrus-sasl-2.1.26-14.5.1 cyrus-sasl-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-2.1.26-14.5.1 cyrus-sasl-crammd5-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-debuginfo-2.1.26-14.5.1 cyrus-sasl-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-debugsource-2.1.26-14.5.1 cyrus-sasl-digestmd5-2.1.26-14.5.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-gssapi-2.1.26-14.5.1 cyrus-sasl-gssapi-32bit-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-otp-2.1.26-14.5.1 cyrus-sasl-otp-32bit-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-plain-2.1.26-14.5.1 cyrus-sasl-plain-32bit-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-saslauthd-2.1.26-14.5.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-14.5.1 cyrus-sasl-saslauthd-debugsource-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-32bit-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-32bit-2.1.26-14.5.1 libsasl2-3-2.1.26-14.5.1 libsasl2-3-32bit-2.1.26-14.5.1 libsasl2-3-debuginfo-2.1.26-14.5.1 libsasl2-3-debuginfo-32bit-2.1.26-14.5.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): cyrus-sasl-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-debugsource-2.1.26-14.5.1 cyrus-sasl-digestmd5-32bit-2.1.26-14.5.1 cyrus-sasl-digestmd5-debuginfo-32bit-2.1.26-14.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cyrus-sasl-debuginfo-2.1.26-14.5.1 cyrus-sasl-debugsource-2.1.26-14.5.1 cyrus-sasl-devel-2.1.26-14.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): cyrus-sasl-2.1.26-14.5.1 cyrus-sasl-crammd5-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-debuginfo-2.1.26-14.5.1 cyrus-sasl-debugsource-2.1.26-14.5.1 cyrus-sasl-digestmd5-2.1.26-14.5.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-gssapi-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-2.1.26-14.5.1 cyrus-sasl-otp-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-2.1.26-14.5.1 cyrus-sasl-plain-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-2.1.26-14.5.1 cyrus-sasl-saslauthd-2.1.26-14.5.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-14.5.1 cyrus-sasl-saslauthd-debugsource-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-14.5.1 libsasl2-3-2.1.26-14.5.1 libsasl2-3-debuginfo-2.1.26-14.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): cyrus-sasl-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-gssapi-32bit-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-otp-32bit-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-plain-32bit-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-32bit-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-32bit-2.1.26-14.5.1 libsasl2-3-32bit-2.1.26-14.5.1 libsasl2-3-debuginfo-32bit-2.1.26-14.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cyrus-sasl-2.1.26-14.5.1 cyrus-sasl-crammd5-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-debuginfo-2.1.26-14.5.1 cyrus-sasl-debugsource-2.1.26-14.5.1 cyrus-sasl-digestmd5-2.1.26-14.5.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-gssapi-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-2.1.26-14.5.1 cyrus-sasl-otp-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-2.1.26-14.5.1 cyrus-sasl-plain-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-2.1.26-14.5.1 cyrus-sasl-saslauthd-2.1.26-14.5.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-14.5.1 cyrus-sasl-saslauthd-debugsource-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-14.5.1 libsasl2-3-2.1.26-14.5.1 libsasl2-3-debuginfo-2.1.26-14.5.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): cyrus-sasl-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-gssapi-32bit-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-otp-32bit-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-plain-32bit-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-32bit-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-32bit-2.1.26-14.5.1 libsasl2-3-32bit-2.1.26-14.5.1 libsasl2-3-debuginfo-32bit-2.1.26-14.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): cyrus-sasl-2.1.26-14.5.1 cyrus-sasl-crammd5-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-debuginfo-2.1.26-14.5.1 cyrus-sasl-debugsource-2.1.26-14.5.1 cyrus-sasl-digestmd5-2.1.26-14.5.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-14.5.1 cyrus-sasl-gssapi-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-2.1.26-14.5.1 cyrus-sasl-otp-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-2.1.26-14.5.1 cyrus-sasl-plain-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-2.1.26-14.5.1 cyrus-sasl-saslauthd-2.1.26-14.5.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-14.5.1 cyrus-sasl-saslauthd-debugsource-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-14.5.1 libsasl2-3-2.1.26-14.5.1 libsasl2-3-debuginfo-2.1.26-14.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): cyrus-sasl-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-32bit-2.1.26-14.5.1 cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-gssapi-32bit-2.1.26-14.5.1 cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-otp-32bit-2.1.26-14.5.1 cyrus-sasl-otp-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-plain-32bit-2.1.26-14.5.1 cyrus-sasl-plain-debuginfo-32bit-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-32bit-2.1.26-14.5.1 cyrus-sasl-sqlauxprop-debuginfo-32bit-2.1.26-14.5.1 libsasl2-3-32bit-2.1.26-14.5.1 libsasl2-3-debuginfo-32bit-2.1.26-14.5.1 References: https://www.suse.com/security/cve/CVE-2022-24407.html https://bugzilla.suse.com/1196036 From sle-updates at lists.suse.com Thu Mar 3 20:21:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:21:22 +0100 (CET) Subject: SUSE-RU-2022:0691-1: moderate: Recommended update for resource-agents Message-ID: <20220303202122.2FC75F37E@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0691-1 Rating: moderate References: #1194502 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - Better handling of RA "string indices must be integers" reports. (bsc#1194502) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-691=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ldirectord-4.4.0+git57.70549516-3.46.1 resource-agents-4.4.0+git57.70549516-3.46.1 resource-agents-debuginfo-4.4.0+git57.70549516-3.46.1 resource-agents-debugsource-4.4.0+git57.70549516-3.46.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): monitoring-plugins-metadata-4.4.0+git57.70549516-3.46.1 References: https://bugzilla.suse.com/1194502 From sle-updates at lists.suse.com Thu Mar 3 20:21:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:21:56 +0100 (CET) Subject: SUSE-SU-2022:0699-1: moderate: Security update for php7 Message-ID: <20220303202156.8BE75F37E@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0699-1 Rating: moderate References: #1038980 Cross-References: CVE-2017-8923 CVSS scores: CVE-2017-8923 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-8923 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2017-8923: Fixed denial of service (application crash) when using .= with a long string (zend_string_extend func in Zend/zend_string.h) (bsc#1038980). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-699=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-699=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.32.1 apache2-mod_php7-debuginfo-7.4.6-3.32.1 php7-7.4.6-3.32.1 php7-bcmath-7.4.6-3.32.1 php7-bcmath-debuginfo-7.4.6-3.32.1 php7-bz2-7.4.6-3.32.1 php7-bz2-debuginfo-7.4.6-3.32.1 php7-calendar-7.4.6-3.32.1 php7-calendar-debuginfo-7.4.6-3.32.1 php7-ctype-7.4.6-3.32.1 php7-ctype-debuginfo-7.4.6-3.32.1 php7-curl-7.4.6-3.32.1 php7-curl-debuginfo-7.4.6-3.32.1 php7-dba-7.4.6-3.32.1 php7-dba-debuginfo-7.4.6-3.32.1 php7-debuginfo-7.4.6-3.32.1 php7-debugsource-7.4.6-3.32.1 php7-devel-7.4.6-3.32.1 php7-dom-7.4.6-3.32.1 php7-dom-debuginfo-7.4.6-3.32.1 php7-enchant-7.4.6-3.32.1 php7-enchant-debuginfo-7.4.6-3.32.1 php7-exif-7.4.6-3.32.1 php7-exif-debuginfo-7.4.6-3.32.1 php7-fastcgi-7.4.6-3.32.1 php7-fastcgi-debuginfo-7.4.6-3.32.1 php7-fileinfo-7.4.6-3.32.1 php7-fileinfo-debuginfo-7.4.6-3.32.1 php7-fpm-7.4.6-3.32.1 php7-fpm-debuginfo-7.4.6-3.32.1 php7-ftp-7.4.6-3.32.1 php7-ftp-debuginfo-7.4.6-3.32.1 php7-gd-7.4.6-3.32.1 php7-gd-debuginfo-7.4.6-3.32.1 php7-gettext-7.4.6-3.32.1 php7-gettext-debuginfo-7.4.6-3.32.1 php7-gmp-7.4.6-3.32.1 php7-gmp-debuginfo-7.4.6-3.32.1 php7-iconv-7.4.6-3.32.1 php7-iconv-debuginfo-7.4.6-3.32.1 php7-intl-7.4.6-3.32.1 php7-intl-debuginfo-7.4.6-3.32.1 php7-json-7.4.6-3.32.1 php7-json-debuginfo-7.4.6-3.32.1 php7-ldap-7.4.6-3.32.1 php7-ldap-debuginfo-7.4.6-3.32.1 php7-mbstring-7.4.6-3.32.1 php7-mbstring-debuginfo-7.4.6-3.32.1 php7-mysql-7.4.6-3.32.1 php7-mysql-debuginfo-7.4.6-3.32.1 php7-odbc-7.4.6-3.32.1 php7-odbc-debuginfo-7.4.6-3.32.1 php7-opcache-7.4.6-3.32.1 php7-opcache-debuginfo-7.4.6-3.32.1 php7-openssl-7.4.6-3.32.1 php7-openssl-debuginfo-7.4.6-3.32.1 php7-pcntl-7.4.6-3.32.1 php7-pcntl-debuginfo-7.4.6-3.32.1 php7-pdo-7.4.6-3.32.1 php7-pdo-debuginfo-7.4.6-3.32.1 php7-pgsql-7.4.6-3.32.1 php7-pgsql-debuginfo-7.4.6-3.32.1 php7-phar-7.4.6-3.32.1 php7-phar-debuginfo-7.4.6-3.32.1 php7-posix-7.4.6-3.32.1 php7-posix-debuginfo-7.4.6-3.32.1 php7-readline-7.4.6-3.32.1 php7-readline-debuginfo-7.4.6-3.32.1 php7-shmop-7.4.6-3.32.1 php7-shmop-debuginfo-7.4.6-3.32.1 php7-snmp-7.4.6-3.32.1 php7-snmp-debuginfo-7.4.6-3.32.1 php7-soap-7.4.6-3.32.1 php7-soap-debuginfo-7.4.6-3.32.1 php7-sockets-7.4.6-3.32.1 php7-sockets-debuginfo-7.4.6-3.32.1 php7-sodium-7.4.6-3.32.1 php7-sodium-debuginfo-7.4.6-3.32.1 php7-sqlite-7.4.6-3.32.1 php7-sqlite-debuginfo-7.4.6-3.32.1 php7-sysvmsg-7.4.6-3.32.1 php7-sysvmsg-debuginfo-7.4.6-3.32.1 php7-sysvsem-7.4.6-3.32.1 php7-sysvsem-debuginfo-7.4.6-3.32.1 php7-sysvshm-7.4.6-3.32.1 php7-sysvshm-debuginfo-7.4.6-3.32.1 php7-tidy-7.4.6-3.32.1 php7-tidy-debuginfo-7.4.6-3.32.1 php7-tokenizer-7.4.6-3.32.1 php7-tokenizer-debuginfo-7.4.6-3.32.1 php7-xmlreader-7.4.6-3.32.1 php7-xmlreader-debuginfo-7.4.6-3.32.1 php7-xmlrpc-7.4.6-3.32.1 php7-xmlrpc-debuginfo-7.4.6-3.32.1 php7-xmlwriter-7.4.6-3.32.1 php7-xmlwriter-debuginfo-7.4.6-3.32.1 php7-xsl-7.4.6-3.32.1 php7-xsl-debuginfo-7.4.6-3.32.1 php7-zip-7.4.6-3.32.1 php7-zip-debuginfo-7.4.6-3.32.1 php7-zlib-7.4.6-3.32.1 php7-zlib-debuginfo-7.4.6-3.32.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.32.1 php7-debugsource-7.4.6-3.32.1 php7-embed-7.4.6-3.32.1 php7-embed-debuginfo-7.4.6-3.32.1 References: https://www.suse.com/security/cve/CVE-2017-8923.html https://bugzilla.suse.com/1038980 From sle-updates at lists.suse.com Thu Mar 3 20:22:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:22:33 +0100 (CET) Subject: SUSE-RU-2022:0697-1: important: Recommended update for yast2 Message-ID: <20220303202233.A6A47F37E@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0697-1 Rating: important References: #1195910 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2 fixes the following issues: - Do not strip surrounding white space in CDATA XML elements. (bsc#1195910) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-697=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-697=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-697=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-4.3.68-150300.3.17.1 yast2-logs-4.3.68-150300.3.17.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): yast2-logs-4.3.68-150300.3.17.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-4.3.68-150300.3.17.1 References: https://bugzilla.suse.com/1195910 From sle-updates at lists.suse.com Thu Mar 3 20:23:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:23:11 +0100 (CET) Subject: SUSE-SU-2022:0695-1: important: Security update for tomcat Message-ID: <20220303202311.459A4F37E@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0695-1 Rating: important References: #1195255 Cross-References: CVE-2022-23181 CVSS scores: CVE-2022-23181 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23181 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-695=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-695=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-695=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-695=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-695=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-695=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): tomcat-9.0.36-4.70.1 tomcat-admin-webapps-9.0.36-4.70.1 tomcat-el-3_0-api-9.0.36-4.70.1 tomcat-jsp-2_3-api-9.0.36-4.70.1 tomcat-lib-9.0.36-4.70.1 tomcat-servlet-4_0-api-9.0.36-4.70.1 tomcat-webapps-9.0.36-4.70.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): tomcat-9.0.36-4.70.1 tomcat-admin-webapps-9.0.36-4.70.1 tomcat-el-3_0-api-9.0.36-4.70.1 tomcat-jsp-2_3-api-9.0.36-4.70.1 tomcat-lib-9.0.36-4.70.1 tomcat-servlet-4_0-api-9.0.36-4.70.1 tomcat-webapps-9.0.36-4.70.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): tomcat-9.0.36-4.70.1 tomcat-admin-webapps-9.0.36-4.70.1 tomcat-el-3_0-api-9.0.36-4.70.1 tomcat-jsp-2_3-api-9.0.36-4.70.1 tomcat-lib-9.0.36-4.70.1 tomcat-servlet-4_0-api-9.0.36-4.70.1 tomcat-webapps-9.0.36-4.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): tomcat-9.0.36-4.70.1 tomcat-admin-webapps-9.0.36-4.70.1 tomcat-el-3_0-api-9.0.36-4.70.1 tomcat-jsp-2_3-api-9.0.36-4.70.1 tomcat-lib-9.0.36-4.70.1 tomcat-servlet-4_0-api-9.0.36-4.70.1 tomcat-webapps-9.0.36-4.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): tomcat-9.0.36-4.70.1 tomcat-admin-webapps-9.0.36-4.70.1 tomcat-el-3_0-api-9.0.36-4.70.1 tomcat-jsp-2_3-api-9.0.36-4.70.1 tomcat-lib-9.0.36-4.70.1 tomcat-servlet-4_0-api-9.0.36-4.70.1 tomcat-webapps-9.0.36-4.70.1 - SUSE Enterprise Storage 6 (noarch): tomcat-9.0.36-4.70.1 tomcat-admin-webapps-9.0.36-4.70.1 tomcat-el-3_0-api-9.0.36-4.70.1 tomcat-jsp-2_3-api-9.0.36-4.70.1 tomcat-lib-9.0.36-4.70.1 tomcat-servlet-4_0-api-9.0.36-4.70.1 tomcat-webapps-9.0.36-4.70.1 - SUSE CaaS Platform 4.0 (noarch): tomcat-9.0.36-4.70.1 tomcat-admin-webapps-9.0.36-4.70.1 tomcat-el-3_0-api-9.0.36-4.70.1 tomcat-jsp-2_3-api-9.0.36-4.70.1 tomcat-lib-9.0.36-4.70.1 tomcat-servlet-4_0-api-9.0.36-4.70.1 tomcat-webapps-9.0.36-4.70.1 References: https://www.suse.com/security/cve/CVE-2022-23181.html https://bugzilla.suse.com/1195255 From sle-updates at lists.suse.com Thu Mar 3 20:24:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:24:58 +0100 (CET) Subject: SUSE-SU-2022:0702-1: important: Security update for cyrus-sasl Message-ID: <20220303202458.9692EF37E@maintenance.suse.de> SUSE Security Update: Security update for cyrus-sasl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0702-1 Rating: important References: #1196036 Cross-References: CVE-2022-24407 CVSS scores: CVE-2022-24407 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-702=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-702=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-702=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-702=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-702=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-702=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-702=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-702=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-702=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-702=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-702=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-702=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-702=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-702=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-702=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-702=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-702=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-702=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-702=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-702=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-702=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Manager Server 4.1 (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Manager Proxy 4.1 (x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Enterprise Storage 7 (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 - SUSE Enterprise Storage 6 (x86_64): cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 - SUSE CaaS Platform 4.0 (x86_64): cyrus-sasl-2.1.26-5.10.1 cyrus-sasl-32bit-2.1.26-5.10.1 cyrus-sasl-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-2.1.26-5.10.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-crammd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-debuginfo-2.1.26-5.10.1 cyrus-sasl-debugsource-2.1.26-5.10.1 cyrus-sasl-devel-2.1.26-5.10.1 cyrus-sasl-digestmd5-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-2.1.26-5.10.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-2.1.26-5.10.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-gssapi-debuginfo-2.1.26-5.10.1 cyrus-sasl-otp-2.1.26-5.10.1 cyrus-sasl-otp-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-2.1.26-5.10.1 cyrus-sasl-plain-32bit-2.1.26-5.10.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-5.10.1 cyrus-sasl-plain-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-2.1.26-5.10.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-5.10.1 cyrus-sasl-saslauthd-debugsource-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-2.1.26-5.10.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-5.10.1 libsasl2-3-2.1.26-5.10.1 libsasl2-3-32bit-2.1.26-5.10.1 libsasl2-3-32bit-debuginfo-2.1.26-5.10.1 libsasl2-3-debuginfo-2.1.26-5.10.1 References: https://www.suse.com/security/cve/CVE-2022-24407.html https://bugzilla.suse.com/1196036 From sle-updates at lists.suse.com Thu Mar 3 20:26:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:26:24 +0100 (CET) Subject: SUSE-SU-2022:0703-1: important: Security update for webkit2gtk3 Message-ID: <20220303202624.55FCAF37E@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0703-1 Rating: important References: #1195064 #1195735 #1196133 Cross-References: CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVSS scores: CVE-2021-30934 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30934 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30936 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30936 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30951 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30951 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30952 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30952 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30953 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30953 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30954 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30954 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30984 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30984 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-45481 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45482 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45483 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-22589 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVE-2022-22590 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-22592 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-22594 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-22620 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-703=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-703=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-703=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-703=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-703=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-703=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-703=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-703=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-703=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-703=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-3.97.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-3.97.1 libwebkit2gtk-4_0-37-2.34.6-3.97.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-3.97.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2-4_0-2.34.6-3.97.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-2.34.6-3.97.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-3.97.1 webkit2gtk3-debugsource-2.34.6-3.97.1 webkit2gtk3-devel-2.34.6-3.97.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.34.6-3.97.1 References: https://www.suse.com/security/cve/CVE-2021-30934.html https://www.suse.com/security/cve/CVE-2021-30936.html https://www.suse.com/security/cve/CVE-2021-30951.html https://www.suse.com/security/cve/CVE-2021-30952.html https://www.suse.com/security/cve/CVE-2021-30953.html https://www.suse.com/security/cve/CVE-2021-30954.html https://www.suse.com/security/cve/CVE-2021-30984.html https://www.suse.com/security/cve/CVE-2021-45481.html https://www.suse.com/security/cve/CVE-2021-45482.html https://www.suse.com/security/cve/CVE-2021-45483.html https://www.suse.com/security/cve/CVE-2022-22589.html https://www.suse.com/security/cve/CVE-2022-22590.html https://www.suse.com/security/cve/CVE-2022-22592.html https://www.suse.com/security/cve/CVE-2022-22594.html https://www.suse.com/security/cve/CVE-2022-22620.html https://bugzilla.suse.com/1195064 https://bugzilla.suse.com/1195735 https://bugzilla.suse.com/1196133 From sle-updates at lists.suse.com Thu Mar 3 20:27:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:27:27 +0100 (CET) Subject: SUSE-SU-2022:0694-1: important: Security update for tomcat Message-ID: <20220303202727.8EE2FF37E@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0694-1 Rating: important References: #1195255 Cross-References: CVE-2022-23181 CVSS scores: CVE-2022-23181 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23181 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-694=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-694=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-694=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-694=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): tomcat-9.0.36-3.90.1 tomcat-admin-webapps-9.0.36-3.90.1 tomcat-el-3_0-api-9.0.36-3.90.1 tomcat-jsp-2_3-api-9.0.36-3.90.1 tomcat-lib-9.0.36-3.90.1 tomcat-servlet-4_0-api-9.0.36-3.90.1 tomcat-webapps-9.0.36-3.90.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): tomcat-9.0.36-3.90.1 tomcat-admin-webapps-9.0.36-3.90.1 tomcat-el-3_0-api-9.0.36-3.90.1 tomcat-jsp-2_3-api-9.0.36-3.90.1 tomcat-lib-9.0.36-3.90.1 tomcat-servlet-4_0-api-9.0.36-3.90.1 tomcat-webapps-9.0.36-3.90.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tomcat-9.0.36-3.90.1 tomcat-admin-webapps-9.0.36-3.90.1 tomcat-el-3_0-api-9.0.36-3.90.1 tomcat-jsp-2_3-api-9.0.36-3.90.1 tomcat-lib-9.0.36-3.90.1 tomcat-servlet-4_0-api-9.0.36-3.90.1 tomcat-webapps-9.0.36-3.90.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tomcat-9.0.36-3.90.1 tomcat-admin-webapps-9.0.36-3.90.1 tomcat-el-3_0-api-9.0.36-3.90.1 tomcat-jsp-2_3-api-9.0.36-3.90.1 tomcat-lib-9.0.36-3.90.1 tomcat-servlet-4_0-api-9.0.36-3.90.1 tomcat-webapps-9.0.36-3.90.1 References: https://www.suse.com/security/cve/CVE-2022-23181.html https://bugzilla.suse.com/1195255 From sle-updates at lists.suse.com Thu Mar 3 20:28:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:28:10 +0100 (CET) Subject: SUSE-SU-2022:0696-1: important: Security update for MozillaFirefox Message-ID: <20220303202810.7188EF37E@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0696-1 Rating: important References: #1195230 #1195682 Cross-References: CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-696=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-696=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-696=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-696=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-696=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-696=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-696=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-696=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-696=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-696=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-696=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-696=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.6.0-152.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.6.0-152.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.6.0-152.15.1 MozillaFirefox-debuginfo-91.6.0-152.15.1 MozillaFirefox-debugsource-91.6.0-152.15.1 MozillaFirefox-devel-91.6.0-152.15.1 MozillaFirefox-translations-common-91.6.0-152.15.1 MozillaFirefox-translations-other-91.6.0-152.15.1 References: https://www.suse.com/security/cve/CVE-2022-22753.html https://www.suse.com/security/cve/CVE-2022-22754.html https://www.suse.com/security/cve/CVE-2022-22756.html https://www.suse.com/security/cve/CVE-2022-22759.html https://www.suse.com/security/cve/CVE-2022-22760.html https://www.suse.com/security/cve/CVE-2022-22761.html https://www.suse.com/security/cve/CVE-2022-22763.html https://www.suse.com/security/cve/CVE-2022-22764.html https://bugzilla.suse.com/1195230 https://bugzilla.suse.com/1195682 From sle-updates at lists.suse.com Thu Mar 3 20:29:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:29:18 +0100 (CET) Subject: SUSE-SU-2022:0704-1: important: Security update for nodejs8 Message-ID: <20220303202918.26543F37E@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0704-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs8 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-704=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-704=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-704=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-704=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-704=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-704=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-704=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-704=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-704=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-704=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-704=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-704=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-704=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-704=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-704=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-704=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-704=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-704=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-704=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 - SUSE Manager Server 4.1 (noarch): nodejs-common-2.0-3.4.1 nodejs8-docs-8.17.0-10.19.2 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs-common-2.0-3.4.1 nodejs8-docs-8.17.0-10.19.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 - SUSE Manager Proxy 4.1 (x86_64): nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 - SUSE Manager Proxy 4.1 (noarch): nodejs-common-2.0-3.4.1 nodejs8-docs-8.17.0-10.19.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs-common-2.0-3.4.1 nodejs8-docs-8.17.0-10.19.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): nodejs-common-2.0-3.4.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs-common-2.0-3.4.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs-common-2.0-3.4.1 nodejs8-docs-8.17.0-10.19.2 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs-common-2.0-3.4.1 nodejs8-docs-8.17.0-10.19.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): nodejs-common-2.0-3.4.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): nodejs-common-2.0-3.4.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs-common-2.0-3.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs-common-2.0-3.4.1 nodejs8-docs-8.17.0-10.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs-common-2.0-3.4.1 nodejs8-docs-8.17.0-10.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): nodejs-common-2.0-3.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): nodejs-common-2.0-3.4.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs-common-2.0-3.4.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs-common-2.0-3.4.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs8-8.17.0-10.19.2 nodejs8-debuginfo-8.17.0-10.19.2 nodejs8-debugsource-8.17.0-10.19.2 nodejs8-devel-8.17.0-10.19.2 npm8-8.17.0-10.19.2 - SUSE Enterprise Storage 7 (noarch): nodejs-common-2.0-3.4.1 nodejs8-docs-8.17.0-10.19.2 - SUSE Enterprise Storage 6 (noarch): nodejs-common-2.0-3.4.1 - SUSE CaaS Platform 4.0 (noarch): nodejs-common-2.0-3.4.1 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 From sle-updates at lists.suse.com Thu Mar 3 20:31:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Mar 2022 21:31:22 +0100 (CET) Subject: SUSE-RU-2022:0701-1: moderate: Recommended update for sudo Message-ID: <20220303203122.45F4EF37E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0701-1 Rating: moderate References: #1181703 SLE-20068 SLE-22569 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix and contains two features can now be installed. Description: This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-701=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-701=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-701=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-701=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-701=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-701=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-701=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-701=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-701=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-701=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-701=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-701=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-701=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-701=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-701=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-701=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-701=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-701=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-701=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-701=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-701=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Manager Proxy 4.1 (x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 - SUSE CaaS Platform 4.0 (x86_64): sudo-1.8.27-4.24.1 sudo-debuginfo-1.8.27-4.24.1 sudo-debugsource-1.8.27-4.24.1 sudo-devel-1.8.27-4.24.1 References: https://bugzilla.suse.com/1181703 From sle-updates at lists.suse.com Fri Mar 4 08:04:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 09:04:20 +0100 (CET) Subject: SUSE-CU-2022:243-1: Security update of suse/sles12sp3 Message-ID: <20220304080420.6E3BEF381@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:243-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.359 , suse/sles12sp3:latest Container Release : 24.359 Severity : important Type : security References : 1196025 1196026 1196168 1196169 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:698-1 Released: Thu Mar 3 16:35:26 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). The following package changes have been done: - expat-2.1.0-21.18.1 updated - libexpat1-2.1.0-21.18.1 updated From sle-updates at lists.suse.com Fri Mar 4 08:23:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 09:23:13 +0100 (CET) Subject: SUSE-CU-2022:244-1: Security update of suse/sles12sp4 Message-ID: <20220304082313.7C59CF381@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:244-1 Container Tags : suse/sles12sp4:26.418 , suse/sles12sp4:latest Container Release : 26.418 Severity : important Type : security References : 1196025 1196026 1196036 1196168 1196169 1196171 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:693-1 Released: Thu Mar 3 16:04:04 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:698-1 Released: Thu Mar 3 16:35:26 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). The following package changes have been done: - base-container-licenses-3.0-1.269 updated - container-suseconnect-2.0.0-1.162 updated - libexpat1-2.1.0-21.18.1 updated - libsasl2-3-2.1.26-14.5.1 updated From sle-updates at lists.suse.com Fri Mar 4 08:27:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 09:27:08 +0100 (CET) Subject: SUSE-SU-2022:23018-1: moderate: Security update for conmon, libcontainers-common, libseccomp, podman Message-ID: <20220304082708.17203F381@maintenance.suse.de> SUSE Security Update: Security update for conmon, libcontainers-common, libseccomp, podman ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:23018-1 Rating: moderate References: #1176804 #1177598 #1181640 #1182998 #1188520 #1188914 #1193166 #1193273 SLE-22714 Cross-References: CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291 CVE-2021-3602 CVE-2021-4024 CVE-2021-41190 CVSS scores: CVE-2020-14370 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2020-15157 (NVD) : 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2020-15157 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-20199 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-20199 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-20291 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-20291 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3602 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-4024 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-4024 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-41190 (NVD) : 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CVE-2021-41190 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves 7 vulnerabilities, contains one feature and has one errata is now available. Description: This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra " (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert ".cirrus.yml: use fresh images for all VMs" * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common at v0.38.16 * vendor containers/buildah at v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common at v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common at v0.38.14 * vendor containers/common at v0.38.13 * [3.2] vendor containers/common at v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common at v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert "Ensure minimum API version is set correctly in tests" * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common at v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common at v0.38.7 * [v3.2] vendor containers/common at v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage at v1.31.3 * vendor containers/common at v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print "extracting" only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved "containers/{name}/wait" endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API "images/get" for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting "/" and "/root" * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag "--pidfile" for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume "U" option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume "U" option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the "default" value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format "table {{ .Field }}" option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-23018=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-23018=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-23018=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): conmon-2.0.30-150300.8.3.1 conmon-debuginfo-2.0.30-150300.8.3.1 podman-3.4.4-150300.9.3.2 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): podman-cni-config-3.4.4-150300.9.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libseccomp-debugsource-2.5.3-150300.10.5.1 libseccomp-devel-2.5.3-150300.10.5.1 libseccomp2-2.5.3-150300.10.5.1 libseccomp2-debuginfo-2.5.3-150300.10.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libcontainers-common-20210626-150300.8.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): conmon-2.0.30-150300.8.3.1 conmon-debuginfo-2.0.30-150300.8.3.1 libseccomp-debugsource-2.5.3-150300.10.5.1 libseccomp2-2.5.3-150300.10.5.1 libseccomp2-debuginfo-2.5.3-150300.10.5.1 podman-3.4.4-150300.9.3.2 - SUSE Linux Enterprise Micro 5.1 (noarch): libcontainers-common-20210626-150300.8.3.1 podman-cni-config-3.4.4-150300.9.3.2 References: https://www.suse.com/security/cve/CVE-2020-14370.html https://www.suse.com/security/cve/CVE-2020-15157.html https://www.suse.com/security/cve/CVE-2021-20199.html https://www.suse.com/security/cve/CVE-2021-20291.html https://www.suse.com/security/cve/CVE-2021-3602.html https://www.suse.com/security/cve/CVE-2021-4024.html https://www.suse.com/security/cve/CVE-2021-41190.html https://bugzilla.suse.com/1176804 https://bugzilla.suse.com/1177598 https://bugzilla.suse.com/1181640 https://bugzilla.suse.com/1182998 https://bugzilla.suse.com/1188520 https://bugzilla.suse.com/1188914 https://bugzilla.suse.com/1193166 https://bugzilla.suse.com/1193273 From sle-updates at lists.suse.com Fri Mar 4 11:18:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 12:18:44 +0100 (CET) Subject: SUSE-RU-2022:0706-1: important: Recommended update for growpart-generator Message-ID: <20220304111844.817DFF381@maintenance.suse.de> SUSE Recommended Update: Recommended update for growpart-generator ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0706-1 Rating: important References: #1196101 Affected Products: SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for growpart-generator fixes the following issues: - Get the parent device with lsblk - Improve the partition number extraction to work with device names containing multiple numbers (bsc#1196101) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-706=1 Package List: - SUSE Linux Enterprise Micro 5.1 (noarch): growpart-generator-0.8-150300.5.3.1 References: https://bugzilla.suse.com/1196101 From sle-updates at lists.suse.com Fri Mar 4 11:19:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 12:19:22 +0100 (CET) Subject: SUSE-SU-2022:0705-1: important: Security update for webkit2gtk3 Message-ID: <20220304111922.A1331F381@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0705-1 Rating: important References: #1195064 #1195735 #1196133 Cross-References: CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22620 CVSS scores: CVE-2021-30934 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30934 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30936 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30936 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30951 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30951 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30952 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30952 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30953 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30953 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30954 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30954 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30984 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30984 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-45481 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45482 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45483 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-22589 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVE-2022-22590 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-22592 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-22620 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-705=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-705=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-705=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-705=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-705=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-705=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-705=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-705=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-705=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-705=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-705=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-705=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-705=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Manager Server 4.1 (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Manager Retail Branch Server 4.1 (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Manager Proxy 4.1 (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Manager Proxy 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): libwebkit2gtk3-lang-2.34.6-29.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-29.1 webkit2gtk3-debugsource-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 - SUSE Enterprise Storage 7 (noarch): libwebkit2gtk3-lang-2.34.6-29.1 References: https://www.suse.com/security/cve/CVE-2021-30934.html https://www.suse.com/security/cve/CVE-2021-30936.html https://www.suse.com/security/cve/CVE-2021-30951.html https://www.suse.com/security/cve/CVE-2021-30952.html https://www.suse.com/security/cve/CVE-2021-30953.html https://www.suse.com/security/cve/CVE-2021-30954.html https://www.suse.com/security/cve/CVE-2021-30984.html https://www.suse.com/security/cve/CVE-2021-45481.html https://www.suse.com/security/cve/CVE-2021-45482.html https://www.suse.com/security/cve/CVE-2021-45483.html https://www.suse.com/security/cve/CVE-2022-22589.html https://www.suse.com/security/cve/CVE-2022-22590.html https://www.suse.com/security/cve/CVE-2022-22592.html https://www.suse.com/security/cve/CVE-2022-22620.html https://bugzilla.suse.com/1195064 https://bugzilla.suse.com/1195735 https://bugzilla.suse.com/1196133 From sle-updates at lists.suse.com Fri Mar 4 11:20:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 12:20:27 +0100 (CET) Subject: SUSE-FU-2022:0709-1: moderate: Feature update for ssh-import-id Message-ID: <20220304112027.1B30CF381@maintenance.suse.de> SUSE Feature Update: Feature update for ssh-import-id ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0709-1 Rating: moderate References: #1154502 #1194137 SLE-20868 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two feature fixes and contains one feature can now be installed. Description: This feature update for ssh-import-id fixes the following issues: - Fix for unavailable python-distro package on SLE-12 - Resolve distribution detection on older platforms (bsc#1194137) - Support importing public ssh keys from GitHub (jsc#SLE-20868, bsc#1154502) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-709=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): ssh-import-id-5.11-8.7.1 References: https://bugzilla.suse.com/1154502 https://bugzilla.suse.com/1194137 From sle-updates at lists.suse.com Fri Mar 4 11:21:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 12:21:07 +0100 (CET) Subject: SUSE-RU-2022:0710-1: important: Recommended update for samba Message-ID: <20220304112107.40D80F381@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0710-1 Rating: important References: #1173429 #1196308 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for samba fixes the following issues: - Fix ntlm authentications with "winbind use default domain = yes"; (bsc#1173429 bsc#1196308). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-710=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-710=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-710=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.4+git.331.61fc89677dd-3.60.1 libsamba-policy-python3-devel-4.15.4+git.331.61fc89677dd-3.60.1 samba-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-debugsource-4.15.4+git.331.61fc89677dd-3.60.1 samba-devel-4.15.4+git.331.61fc89677dd-3.60.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): samba-devel-32bit-4.15.4+git.331.61fc89677dd-3.60.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsamba-policy0-python3-4.15.4+git.331.61fc89677dd-3.60.1 libsamba-policy0-python3-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-4.15.4+git.331.61fc89677dd-3.60.1 samba-client-4.15.4+git.331.61fc89677dd-3.60.1 samba-client-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-client-libs-4.15.4+git.331.61fc89677dd-3.60.1 samba-client-libs-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-debugsource-4.15.4+git.331.61fc89677dd-3.60.1 samba-ldb-ldap-4.15.4+git.331.61fc89677dd-3.60.1 samba-ldb-ldap-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-libs-4.15.4+git.331.61fc89677dd-3.60.1 samba-libs-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-libs-python3-4.15.4+git.331.61fc89677dd-3.60.1 samba-libs-python3-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-python3-4.15.4+git.331.61fc89677dd-3.60.1 samba-python3-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-tool-4.15.4+git.331.61fc89677dd-3.60.1 samba-winbind-4.15.4+git.331.61fc89677dd-3.60.1 samba-winbind-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-winbind-libs-4.15.4+git.331.61fc89677dd-3.60.1 samba-winbind-libs-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsamba-policy0-python3-32bit-4.15.4+git.331.61fc89677dd-3.60.1 libsamba-policy0-python3-debuginfo-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-client-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-client-debuginfo-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-client-libs-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-client-libs-debuginfo-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-libs-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-libs-debuginfo-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-libs-python3-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-libs-python3-debuginfo-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-winbind-libs-32bit-4.15.4+git.331.61fc89677dd-3.60.1 samba-winbind-libs-debuginfo-32bit-4.15.4+git.331.61fc89677dd-3.60.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): samba-devel-4.15.4+git.331.61fc89677dd-3.60.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): libsamba-policy-python3-devel-4.15.4+git.331.61fc89677dd-3.60.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.15.4+git.331.61fc89677dd-3.60.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.15.4+git.331.61fc89677dd-3.60.1 ctdb-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-debuginfo-4.15.4+git.331.61fc89677dd-3.60.1 samba-debugsource-4.15.4+git.331.61fc89677dd-3.60.1 References: https://bugzilla.suse.com/1173429 https://bugzilla.suse.com/1196308 From sle-updates at lists.suse.com Fri Mar 4 11:21:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 12:21:46 +0100 (CET) Subject: SUSE-RU-2022:0708-1: critical: Recommended update for icewm-theme-branding Message-ID: <20220304112146.E3AC9F381@maintenance.suse.de> SUSE Recommended Update: Recommended update for icewm-theme-branding ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0708-1 Rating: critical References: #1195328 #1196336 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for icewm-theme-branding fixes the following issues: - Fix font configuration after google-droid-fonts update (bsc#1195328, bsc#1196336) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-708=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): icewm-theme-branding-1.2.4-3.15.1 References: https://bugzilla.suse.com/1195328 https://bugzilla.suse.com/1196336 From sle-updates at lists.suse.com Fri Mar 4 11:22:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 12:22:52 +0100 (CET) Subject: SUSE-RU-2022:0711-1: moderate: Recommended update for sudo Message-ID: <20220304112252.A20C5F381@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0711-1 Rating: moderate References: #1181703 SLE-20068 SLE-22569 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix and contains two features can now be installed. Description: This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-711=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-711=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): sudo-1.9.5p2-150300.3.3.1 sudo-debuginfo-1.9.5p2-150300.3.3.1 sudo-debugsource-1.9.5p2-150300.3.3.1 sudo-devel-1.9.5p2-150300.3.3.1 sudo-plugin-python-1.9.5p2-150300.3.3.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): sudo-1.9.5p2-150300.3.3.1 sudo-debuginfo-1.9.5p2-150300.3.3.1 sudo-debugsource-1.9.5p2-150300.3.3.1 References: https://bugzilla.suse.com/1181703 From sle-updates at lists.suse.com Fri Mar 4 11:23:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 12:23:25 +0100 (CET) Subject: SUSE-RU-2022:0707-1: moderate: Recommended update for selinux-policy Message-ID: <20220304112325.E1EADF381@maintenance.suse.de> SUSE Recommended Update: Recommended update for selinux-policy ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0707-1 Rating: moderate References: #1193987 Affected Products: SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for selinux-policy fixes the following issues: - Fix issues with hyperv labeling (bsc#1193987) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-707=1 Package List: - SUSE Linux Enterprise Micro 5.1 (noarch): selinux-policy-20210716-150300.5.6.1 selinux-policy-devel-20210716-150300.5.6.1 selinux-policy-targeted-20210716-150300.5.6.1 References: https://bugzilla.suse.com/1193987 From sle-updates at lists.suse.com Fri Mar 4 14:19:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:19:56 +0100 (CET) Subject: SUSE-SU-2022:0712-1: important: Security update for flatpak Message-ID: <20220304141956.1EAD5F381@maintenance.suse.de> SUSE Security Update: Security update for flatpak ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0712-1 Rating: important References: #1194610 #1194611 Cross-References: CVE-2021-43860 CVE-2022-21682 CVSS scores: CVE-2021-43860 (NVD) : 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2022-21682 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2022-21682 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for flatpak fixes the following issues: Update to flatpak 1.10.7: - CVE-2022-21682: Introduce new option --nofilesystem=host:reset to support flatpak-builder 1.2.2 (bsc#1194611). - CVE-2021-43860: A malicious repository could hav sent invalid application metadata in a way that hides some of the app permissions displayed during installation (bsc#1194610). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-712=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-712=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-712=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-712=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-712=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-712=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-712=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-712=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-712=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-712=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-712=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Manager Proxy 4.1 (x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): flatpak-1.10.7-4.12.1 flatpak-debuginfo-1.10.7-4.12.1 flatpak-debugsource-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 libflatpak0-debuginfo-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 References: https://www.suse.com/security/cve/CVE-2021-43860.html https://www.suse.com/security/cve/CVE-2022-21682.html https://bugzilla.suse.com/1194610 https://bugzilla.suse.com/1194611 From sle-updates at lists.suse.com Fri Mar 4 14:20:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:20:43 +0100 (CET) Subject: SUSE-SU-2022:0717-1: moderate: Security update for gnutls Message-ID: <20220304142043.5971CF381@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0717-1 Rating: moderate References: #1196167 Cross-References: CVE-2021-4209 CVSS scores: CVE-2021-4209 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-717=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-717=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-717=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-717=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): gnutls-3.6.7-14.16.1 gnutls-debuginfo-3.6.7-14.16.1 gnutls-debugsource-3.6.7-14.16.1 libgnutls-devel-3.6.7-14.16.1 libgnutls30-3.6.7-14.16.1 libgnutls30-32bit-3.6.7-14.16.1 libgnutls30-32bit-debuginfo-3.6.7-14.16.1 libgnutls30-debuginfo-3.6.7-14.16.1 libgnutls30-hmac-3.6.7-14.16.1 libgnutls30-hmac-32bit-3.6.7-14.16.1 libgnutlsxx-devel-3.6.7-14.16.1 libgnutlsxx28-3.6.7-14.16.1 libgnutlsxx28-debuginfo-3.6.7-14.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-14.16.1 gnutls-debuginfo-3.6.7-14.16.1 gnutls-debugsource-3.6.7-14.16.1 libgnutls-devel-3.6.7-14.16.1 libgnutls30-3.6.7-14.16.1 libgnutls30-debuginfo-3.6.7-14.16.1 libgnutls30-hmac-3.6.7-14.16.1 libgnutlsxx-devel-3.6.7-14.16.1 libgnutlsxx28-3.6.7-14.16.1 libgnutlsxx28-debuginfo-3.6.7-14.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libgnutls30-32bit-3.6.7-14.16.1 libgnutls30-32bit-debuginfo-3.6.7-14.16.1 libgnutls30-hmac-32bit-3.6.7-14.16.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): gnutls-debuginfo-3.6.7-14.16.1 gnutls-debugsource-3.6.7-14.16.1 libgnutls30-3.6.7-14.16.1 libgnutls30-debuginfo-3.6.7-14.16.1 libgnutls30-hmac-3.6.7-14.16.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): gnutls-debuginfo-3.6.7-14.16.1 gnutls-debugsource-3.6.7-14.16.1 libgnutls30-3.6.7-14.16.1 libgnutls30-debuginfo-3.6.7-14.16.1 References: https://www.suse.com/security/cve/CVE-2021-4209.html https://bugzilla.suse.com/1196167 From sle-updates at lists.suse.com Fri Mar 4 14:21:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:21:23 +0100 (CET) Subject: SUSE-SU-2022:0723-1: important: Security update for go1.17 Message-ID: <20220304142123.07A7BF381@maintenance.suse.de> SUSE Security Update: Security update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0723-1 Rating: important References: #1190649 #1195834 #1195835 #1195838 Cross-References: CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVSS scores: CVE-2022-23772 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23772 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23773 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-23773 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVE-2022-23806 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-23806 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for go1.17 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50701 math/big: Rat.SetString may consume large amount of RAM and crash - go#50687 cmd/go: do not treat branches with semantic-version names as releases - go#50942 cmd/asm: "compile: loop" compiler bug? - go#50867 cmd/compile: incorrect use of CMN on arm64 - go#50812 cmd/go: remove bitbucket VCS probing - go#50781 runtime: incorrect frame information in traceback traversal may hang the process. - go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50297 cmd/link: does not set section type of .init_array correctly - go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-723=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-723=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-723=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-723=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-723=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-723=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-723=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-723=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-723=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-723=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-723=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 - SUSE Manager Server 4.1 (x86_64): go1.17-race-1.17.7-1.20.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 go1.17-race-1.17.7-1.20.1 - SUSE Manager Proxy 4.1 (x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 go1.17-race-1.17.7-1.20.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): go1.17-race-1.17.7-1.20.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): go1.17-race-1.17.7-1.20.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 go1.17-race-1.17.7-1.20.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 go1.17-race-1.17.7-1.20.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.17-race-1.17.7-1.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 go1.17-race-1.17.7-1.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 go1.17-race-1.17.7-1.20.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): go1.17-1.17.7-1.20.1 go1.17-doc-1.17.7-1.20.1 go1.17-race-1.17.7-1.20.1 References: https://www.suse.com/security/cve/CVE-2022-23772.html https://www.suse.com/security/cve/CVE-2022-23773.html https://www.suse.com/security/cve/CVE-2022-23806.html https://bugzilla.suse.com/1190649 https://bugzilla.suse.com/1195834 https://bugzilla.suse.com/1195835 https://bugzilla.suse.com/1195838 From sle-updates at lists.suse.com Fri Mar 4 14:23:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:23:10 +0100 (CET) Subject: SUSE-SU-2022:0729-1: moderate: Security update for SUSE Manager Server 4.2 Message-ID: <20220304142310.2BDC9F381@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0729-1 Rating: moderate References: #1196619 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update fixes the following issues: spacewalk-java: - Version 4.2.33-1 * handle npe when syncing ubuntu errata (bsc#1196619) susemanager-sync-data: - Version 4.2.11-1 * change centos 8 eol urls to vault which still work How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-729=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): spacewalk-java-4.2.33-150300.3.23.1 spacewalk-java-config-4.2.33-150300.3.23.1 spacewalk-java-lib-4.2.33-150300.3.23.1 spacewalk-java-postgresql-4.2.33-150300.3.23.1 spacewalk-taskomatic-4.2.33-150300.3.23.1 susemanager-sync-data-4.2.11-150300.3.15.1 References: https://bugzilla.suse.com/1196619 From sle-updates at lists.suse.com Fri Mar 4 14:23:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:23:43 +0100 (CET) Subject: SUSE-SU-2022:0720-1: moderate: Security update for containerd Message-ID: <20220304142343.F1C59F381@maintenance.suse.de> SUSE Security Update: Security update for containerd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0720-1 Rating: moderate References: #1196441 Cross-References: CVE-2022-23648 CVSS scores: CVE-2022-23648 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-720=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-720=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-720=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): containerd-1.4.12-63.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): containerd-1.4.12-63.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): containerd-1.4.12-63.1 References: https://www.suse.com/security/cve/CVE-2022-23648.html https://bugzilla.suse.com/1196441 From sle-updates at lists.suse.com Fri Mar 4 14:24:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:24:26 +0100 (CET) Subject: SUSE-SU-2022:0725-1: important: Security update for mariadb Message-ID: <20220304142426.295EFF381@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0725-1 Rating: important References: #1195325 #1195334 #1195339 #1196016 Cross-References: CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVSS scores: CVE-2021-46657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46657 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46658 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46658 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46659 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46659 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46661 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46664 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46665 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46668 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24048 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24050 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24052 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for mariadb fixes the following issues: - Update to 10.2.43 (bsc#1196016): 10.2.43: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 10.2.42: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-725=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-725=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-725=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-725=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-725=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-725=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-725=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-725=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-725=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-725=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE Enterprise Storage 6 (noarch): mariadb-errormessages-10.2.43-3.51.1 - SUSE CaaS Platform 4.0 (x86_64): libmysqld-devel-10.2.43-3.51.1 libmysqld19-10.2.43-3.51.1 libmysqld19-debuginfo-10.2.43-3.51.1 mariadb-10.2.43-3.51.1 mariadb-client-10.2.43-3.51.1 mariadb-client-debuginfo-10.2.43-3.51.1 mariadb-debuginfo-10.2.43-3.51.1 mariadb-debugsource-10.2.43-3.51.1 mariadb-tools-10.2.43-3.51.1 mariadb-tools-debuginfo-10.2.43-3.51.1 - SUSE CaaS Platform 4.0 (noarch): mariadb-errormessages-10.2.43-3.51.1 References: https://www.suse.com/security/cve/CVE-2021-46657.html https://www.suse.com/security/cve/CVE-2021-46658.html https://www.suse.com/security/cve/CVE-2021-46659.html https://www.suse.com/security/cve/CVE-2021-46661.html https://www.suse.com/security/cve/CVE-2021-46663.html https://www.suse.com/security/cve/CVE-2021-46664.html https://www.suse.com/security/cve/CVE-2021-46665.html https://www.suse.com/security/cve/CVE-2021-46668.html https://www.suse.com/security/cve/CVE-2022-24048.html https://www.suse.com/security/cve/CVE-2022-24050.html https://www.suse.com/security/cve/CVE-2022-24051.html https://www.suse.com/security/cve/CVE-2022-24052.html https://bugzilla.suse.com/1195325 https://bugzilla.suse.com/1195334 https://bugzilla.suse.com/1195339 https://bugzilla.suse.com/1196016 From sle-updates at lists.suse.com Fri Mar 4 14:26:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:26:15 +0100 (CET) Subject: SUSE-SU-2022:0715-1: important: Security update for nodejs14 Message-ID: <20220304142615.1BBA1F381@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0715-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-715=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-715=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-715=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-715=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-715=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-715=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-715=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-715=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-715=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-715=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-715=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Manager Server 4.1 (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Manager Proxy 4.1 (x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Manager Proxy 4.1 (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs14-docs-14.19.0-15.27.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs14-14.19.0-15.27.1 nodejs14-debuginfo-14.19.0-15.27.1 nodejs14-debugsource-14.19.0-15.27.1 nodejs14-devel-14.19.0-15.27.1 npm14-14.19.0-15.27.1 - SUSE Enterprise Storage 7 (noarch): nodejs14-docs-14.19.0-15.27.1 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 From sle-updates at lists.suse.com Fri Mar 4 14:27:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:27:29 +0100 (CET) Subject: SUSE-SU-2022:0721-1: important: Security update for kernel-firmware Message-ID: <20220304142729.8EE2CF381@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0721-1 Rating: important References: #1195786 #1196333 Cross-References: CVE-2021-0066 CVE-2021-0072 CVE-2021-0076 CVE-2021-0161 CVE-2021-0164 CVE-2021-0165 CVE-2021-0166 CVE-2021-0168 CVE-2021-0170 CVE-2021-0172 CVE-2021-0173 CVE-2021-0174 CVE-2021-0175 CVE-2021-0176 CVE-2021-0183 CVE-2021-33139 CVE-2021-33155 CVSS scores: CVE-2021-0066 (NVD) : 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0066 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0072 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0072 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0076 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0076 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0161 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0161 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0164 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0164 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0165 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0165 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0166 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0168 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0168 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0170 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0170 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0172 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0172 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0173 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0173 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0174 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0174 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0175 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0175 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0176 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-0176 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-0183 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0183 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33139 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33139 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33155 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33155 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for kernel-firmware fixes the following issues: - Update Intel Wireless firmware for 9xxx (CVE-2021-0161, CVE-2021-0164,CVE-2021-0165,CVE-2021-0066,CVE-2021-0166, CVE-2021-0168,CVE-2021-0170,CVE-2021-0172,CVE-2021-0173, CVE-2021-0174,CVE-2021-0175,CVE-2021-0076,CVE-2021-0176, CVE-2021-0183,CVE-2021-0072,INTEL-SA-00539,bsc#1196333): iwlwifi-9000-pu-b0-jf-b0-46.ucode iwlwifi-9000-pu-b0-jf-b0-46.ucode - Update Intel Bluetooth firmware (CVE-2021-33139,CVE-2021-33155, INTEL-SA-00604,bsc#1195786) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-721=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-721=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-721=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-721=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-721=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-721=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-721=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-721=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-721=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-721=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-721=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-721=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-721=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-721=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-721=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-721=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-721=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Manager Proxy 4.1 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise Micro 5.0 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Enterprise Storage 7 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE Enterprise Storage 6 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 - SUSE CaaS Platform 4.0 (noarch): kernel-firmware-20200107-3.26.1 ucode-amd-20200107-3.26.1 References: https://www.suse.com/security/cve/CVE-2021-0066.html https://www.suse.com/security/cve/CVE-2021-0072.html https://www.suse.com/security/cve/CVE-2021-0076.html https://www.suse.com/security/cve/CVE-2021-0161.html https://www.suse.com/security/cve/CVE-2021-0164.html https://www.suse.com/security/cve/CVE-2021-0165.html https://www.suse.com/security/cve/CVE-2021-0166.html https://www.suse.com/security/cve/CVE-2021-0168.html https://www.suse.com/security/cve/CVE-2021-0170.html https://www.suse.com/security/cve/CVE-2021-0172.html https://www.suse.com/security/cve/CVE-2021-0173.html https://www.suse.com/security/cve/CVE-2021-0174.html https://www.suse.com/security/cve/CVE-2021-0175.html https://www.suse.com/security/cve/CVE-2021-0176.html https://www.suse.com/security/cve/CVE-2021-0183.html https://www.suse.com/security/cve/CVE-2021-33139.html https://www.suse.com/security/cve/CVE-2021-33155.html https://bugzilla.suse.com/1195786 https://bugzilla.suse.com/1196333 From sle-updates at lists.suse.com Fri Mar 4 14:29:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:29:28 +0100 (CET) Subject: SUSE-SU-2022:0713-1: important: Security update for expat Message-ID: <20220304142928.B49F2F381@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0713-1 Rating: important References: #1196025 #1196026 #1196168 #1196169 #1196171 Cross-References: CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVSS scores: CVE-2022-25235 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25235 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25236 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25236 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25313 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-25313 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-25314 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25314 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25315 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25315 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-713=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-713=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-713=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-713=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-713=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-713=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-713=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-713=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-713=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-713=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-713=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-713=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-713=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-713=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-713=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-713=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-713=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-713=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-713=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-713=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-713=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-713=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-713=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Manager Server 4.1 (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): expat-2.2.5-3.15.1 expat-32bit-debuginfo-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Manager Proxy 4.1 (x86_64): expat-2.2.5-3.15.1 expat-32bit-debuginfo-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): expat-2.2.5-3.15.1 expat-32bit-debuginfo-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): expat-2.2.5-3.15.1 expat-32bit-debuginfo-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): expat-2.2.5-3.15.1 expat-32bit-debuginfo-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Enterprise Storage 7 (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): expat-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 - SUSE Enterprise Storage 6 (x86_64): expat-32bit-debuginfo-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 - SUSE CaaS Platform 4.0 (x86_64): expat-2.2.5-3.15.1 expat-32bit-debuginfo-2.2.5-3.15.1 expat-debuginfo-2.2.5-3.15.1 expat-debugsource-2.2.5-3.15.1 libexpat-devel-2.2.5-3.15.1 libexpat1-2.2.5-3.15.1 libexpat1-32bit-2.2.5-3.15.1 libexpat1-32bit-debuginfo-2.2.5-3.15.1 libexpat1-debuginfo-2.2.5-3.15.1 References: https://www.suse.com/security/cve/CVE-2022-25235.html https://www.suse.com/security/cve/CVE-2022-25236.html https://www.suse.com/security/cve/CVE-2022-25313.html https://www.suse.com/security/cve/CVE-2022-25314.html https://www.suse.com/security/cve/CVE-2022-25315.html https://bugzilla.suse.com/1196025 https://bugzilla.suse.com/1196026 https://bugzilla.suse.com/1196168 https://bugzilla.suse.com/1196169 https://bugzilla.suse.com/1196171 From sle-updates at lists.suse.com Fri Mar 4 14:31:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:31:38 +0100 (CET) Subject: SUSE-SU-2022:0724-1: important: Security update for go1.16 Message-ID: <20220304143138.ED77EF381@maintenance.suse.de> SUSE Security Update: Security update for go1.16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0724-1 Rating: important References: #1182345 #1195834 #1195835 #1195838 Cross-References: CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVSS scores: CVE-2022-23772 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23772 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23773 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-23773 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVE-2022-23806 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-23806 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for go1.16 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50700 math/big: Rat.SetString may consume large amount of RAM and crash - go#50686 cmd/go: do not treat branches with semantic-version names as releases - go#50866 cmd/compile: incorrect use of CMN on arm64 - go#50832 runtime/race: NoRaceMutexPureHappensBefore failures - go#50811 cmd/go: remove bitbucket VCS probing - go#50780 runtime: incorrect frame information in traceback traversal may hang the process. - go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50645 testing: surprising interaction of subtests with TempDir - go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-724=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-724=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-724=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-724=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-724=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-724=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-724=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-724=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-724=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-724=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-724=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-724=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 - SUSE Manager Server 4.1 (x86_64): go1.16-race-1.16.14-1.43.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 go1.16-race-1.16.14-1.43.1 - SUSE Manager Proxy 4.1 (x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 go1.16-race-1.16.14-1.43.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): go1.16-race-1.16.14-1.43.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): go1.16-race-1.16.14-1.43.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 go1.16-race-1.16.14-1.43.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 go1.16-race-1.16.14-1.43.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.16-race-1.16.14-1.43.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.16-race-1.16.14-1.43.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 go1.16-race-1.16.14-1.43.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 go1.16-race-1.16.14-1.43.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): go1.16-1.16.14-1.43.1 go1.16-doc-1.16.14-1.43.1 go1.16-race-1.16.14-1.43.1 References: https://www.suse.com/security/cve/CVE-2022-23772.html https://www.suse.com/security/cve/CVE-2022-23773.html https://www.suse.com/security/cve/CVE-2022-23806.html https://bugzilla.suse.com/1182345 https://bugzilla.suse.com/1195834 https://bugzilla.suse.com/1195835 https://bugzilla.suse.com/1195838 From sle-updates at lists.suse.com Fri Mar 4 14:33:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:33:45 +0100 (CET) Subject: SUSE-SU-2022:0719-1: moderate: Security update for containerd Message-ID: <20220304143345.A3997F381@maintenance.suse.de> SUSE Security Update: Security update for containerd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0719-1 Rating: moderate References: #1196441 Cross-References: CVE-2022-23648 CVSS scores: CVE-2022-23648 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2022-719=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.4.13-16.54.1 References: https://www.suse.com/security/cve/CVE-2022-23648.html https://bugzilla.suse.com/1196441 From sle-updates at lists.suse.com Fri Mar 4 14:34:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:34:36 +0100 (CET) Subject: SUSE-SU-2022:0722-1: important: Security update for wireshark Message-ID: <20220304143436.64C3FF381@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0722-1 Rating: important References: #1195866 #1195867 #1195868 #1195869 #1195870 Cross-References: CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586 CVSS scores: CVE-2022-0581 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0581 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0582 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0582 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0583 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0583 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0585 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0585 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0586 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0586 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: Update to Wireshark 3.6.2: - CVE-2022-0586: RTMPT dissector infinite loop (bsc#1195866) - CVE-2022-0585: Large loops in multiple dissectors (bsc#1195867) - CVE-2022-0583: PVFS dissector crash (bsc#1195868) - CVE-2022-0582: CSN.1 dissector crash (bsc#1195869) - CVE-2022-0581: CMS dissector crash (bsc#1195870) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-722=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-722=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-722=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-722=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-722=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-722=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-722=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-722=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-722=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-722=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-722=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-722=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-722=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-722=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-722=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-722=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-722=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-722=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-722=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-722=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-722=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-722=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-722=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-722=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Manager Proxy 4.1 (x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 - SUSE CaaS Platform 4.0 (x86_64): libwireshark15-3.6.2-3.71.1 libwireshark15-debuginfo-3.6.2-3.71.1 libwiretap12-3.6.2-3.71.1 libwiretap12-debuginfo-3.6.2-3.71.1 libwsutil13-3.6.2-3.71.1 libwsutil13-debuginfo-3.6.2-3.71.1 wireshark-3.6.2-3.71.1 wireshark-debuginfo-3.6.2-3.71.1 wireshark-debugsource-3.6.2-3.71.1 wireshark-devel-3.6.2-3.71.1 wireshark-ui-qt-3.6.2-3.71.1 wireshark-ui-qt-debuginfo-3.6.2-3.71.1 References: https://www.suse.com/security/cve/CVE-2022-0581.html https://www.suse.com/security/cve/CVE-2022-0582.html https://www.suse.com/security/cve/CVE-2022-0583.html https://www.suse.com/security/cve/CVE-2022-0585.html https://www.suse.com/security/cve/CVE-2022-0586.html https://bugzilla.suse.com/1195866 https://bugzilla.suse.com/1195867 https://bugzilla.suse.com/1195868 https://bugzilla.suse.com/1195869 https://bugzilla.suse.com/1195870 From sle-updates at lists.suse.com Fri Mar 4 14:37:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:37:16 +0100 (CET) Subject: SUSE-SU-2022:14903-1: important: Security update for expat Message-ID: <20220304143716.16956F382@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14903-1 Rating: important References: #1196025 #1196026 #1196168 #1196169 #1196171 Cross-References: CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVSS scores: CVE-2022-25235 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25235 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25236 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25236 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25313 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-25313 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-25314 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25314 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25315 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25315 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-expat-14903=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-expat-14903=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-expat-14903=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-expat-14903=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): expat-2.0.1-88.42.18.1 libexpat1-2.0.1-88.42.18.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libexpat1-32bit-2.0.1-88.42.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): expat-2.0.1-88.42.18.1 libexpat1-2.0.1-88.42.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): expat-debuginfo-2.0.1-88.42.18.1 expat-debugsource-2.0.1-88.42.18.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): expat-debuginfo-2.0.1-88.42.18.1 expat-debugsource-2.0.1-88.42.18.1 References: https://www.suse.com/security/cve/CVE-2022-25235.html https://www.suse.com/security/cve/CVE-2022-25236.html https://www.suse.com/security/cve/CVE-2022-25313.html https://www.suse.com/security/cve/CVE-2022-25314.html https://www.suse.com/security/cve/CVE-2022-25315.html https://bugzilla.suse.com/1196025 https://bugzilla.suse.com/1196026 https://bugzilla.suse.com/1196168 https://bugzilla.suse.com/1196169 https://bugzilla.suse.com/1196171 From sle-updates at lists.suse.com Fri Mar 4 14:38:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:38:22 +0100 (CET) Subject: SUSE-SU-2022:0726-1: important: Security update for mariadb Message-ID: <20220304143822.914DFF382@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0726-1 Rating: important References: #1195325 #1195334 #1195339 #1196016 Cross-References: CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVSS scores: CVE-2021-46657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46657 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46658 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46658 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46659 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46659 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46661 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46664 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46665 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46668 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24048 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24050 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24052 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for mariadb fixes the following issues: - Update to 10.4.24 (bsc#1196016): * 10.4.24: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.4.23: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-726=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-726=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-726=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-726=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-726=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-726=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-726=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-726=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-726=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-726=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Manager Server 4.1 (noarch): mariadb-errormessages-10.4.24-3.25.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Manager Retail Branch Server 4.1 (noarch): mariadb-errormessages-10.4.24-3.25.1 - SUSE Manager Proxy 4.1 (x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Manager Proxy 4.1 (noarch): mariadb-errormessages-10.4.24-3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): mariadb-errormessages-10.4.24-3.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): mariadb-errormessages-10.4.24-3.25.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): mariadb-errormessages-10.4.24-3.25.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): mariadb-errormessages-10.4.24-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): mariadb-errormessages-10.4.24-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): mariadb-errormessages-10.4.24-3.25.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libmariadbd-devel-10.4.24-3.25.1 libmariadbd19-10.4.24-3.25.1 libmariadbd19-debuginfo-10.4.24-3.25.1 mariadb-10.4.24-3.25.1 mariadb-client-10.4.24-3.25.1 mariadb-client-debuginfo-10.4.24-3.25.1 mariadb-debuginfo-10.4.24-3.25.1 mariadb-debugsource-10.4.24-3.25.1 mariadb-tools-10.4.24-3.25.1 mariadb-tools-debuginfo-10.4.24-3.25.1 - SUSE Enterprise Storage 7 (noarch): mariadb-errormessages-10.4.24-3.25.1 References: https://www.suse.com/security/cve/CVE-2021-46657.html https://www.suse.com/security/cve/CVE-2021-46658.html https://www.suse.com/security/cve/CVE-2021-46659.html https://www.suse.com/security/cve/CVE-2021-46661.html https://www.suse.com/security/cve/CVE-2021-46663.html https://www.suse.com/security/cve/CVE-2021-46664.html https://www.suse.com/security/cve/CVE-2021-46665.html https://www.suse.com/security/cve/CVE-2021-46668.html https://www.suse.com/security/cve/CVE-2022-24048.html https://www.suse.com/security/cve/CVE-2022-24050.html https://www.suse.com/security/cve/CVE-2022-24051.html https://www.suse.com/security/cve/CVE-2022-24052.html https://bugzilla.suse.com/1195325 https://bugzilla.suse.com/1195334 https://bugzilla.suse.com/1195339 https://bugzilla.suse.com/1196016 From sle-updates at lists.suse.com Fri Mar 4 14:41:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:41:09 +0100 (CET) Subject: SUSE-FU-2022:0718-1: moderate: Feature update for duperemove Message-ID: <20220304144109.E8211F382@maintenance.suse.de> SUSE Feature Update: Feature update for duperemove ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0718-1 Rating: moderate References: SLE-11306 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This feature update for duperemove fixes the following issue: Update from version 0.11.beta4 to version 0.11.3 (jsc#SLE-11306) - Increase open file limit. - Create hash database file with 600 permission for improved security. - Read more data per pread, for v2 hashfile format this reduces the overall number of syscalls made which in turns results in better performance. - Fix truncated file handling, eliminating a an infinite loop case. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-718=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-718=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): duperemove-0.11.3-3.3.1 duperemove-debuginfo-0.11.3-3.3.1 duperemove-debugsource-0.11.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): duperemove-0.11.3-3.3.1 duperemove-debuginfo-0.11.3-3.3.1 duperemove-debugsource-0.11.3-3.3.1 References: From sle-updates at lists.suse.com Fri Mar 4 14:42:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:42:30 +0100 (CET) Subject: SUSE-RU-2022:0728-1: moderate: Recommended update for SUSE Manager 4.2.5 Release Notes Message-ID: <20220304144230.2AE19F382@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.2.5 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0728-1 Rating: moderate References: Affected Products: SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for SUSE Manager 4.2.5 Release Notes provides the following additions: Release notes for SUSE Manager: - Fix the documentation URL for the "Pay-as-you-go" feature. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-728=1 Package List: - SUSE Manager Server 4.2 (ppc64le s390x x86_64): release-notes-susemanager-4.2.5-150300.3.30.1 References: From sle-updates at lists.suse.com Fri Mar 4 14:43:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:43:15 +0100 (CET) Subject: SUSE-SU-2022:0716-1: important: Security update for wpa_supplicant Message-ID: <20220304144315.BF482F382@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0716-1 Rating: important References: #1194732 #1194733 Cross-References: CVE-2022-23303 CVE-2022-23304 CVSS scores: CVE-2022-23303 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23303 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23304 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23304 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-716=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-716=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-716=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-716=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-716=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-716=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-716=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-716=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-716=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-716=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-716=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-716=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-716=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-716=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-716=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-716=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-716=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-716=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-716=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-716=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-716=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-716=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-716=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-716=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Manager Proxy 4.1 (x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 - SUSE CaaS Platform 4.0 (x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 References: https://www.suse.com/security/cve/CVE-2022-23303.html https://www.suse.com/security/cve/CVE-2022-23304.html https://bugzilla.suse.com/1194732 https://bugzilla.suse.com/1194733 From sle-updates at lists.suse.com Fri Mar 4 14:44:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 15:44:13 +0100 (CET) Subject: SUSE-SU-2022:0727-1: moderate: Security update for libeconf, shadow and util-linux Message-ID: <20220304144413.7A7A4F382@maintenance.suse.de> SUSE Security Update: Security update for libeconf, shadow and util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0727-1 Rating: moderate References: #1188507 #1192954 #1193632 #1194976 SLE-23384 SLE-23402 Cross-References: CVE-2021-3995 CVE-2021-3996 CVSS scores: CVE-2021-3995 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3996 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves two vulnerabilities, contains two features and has two fixes is now available. Description: This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-727=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-727=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-727=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-727=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.36.2-150300.4.14.2 util-linux-systemd-debugsource-2.36.2-150300.4.14.2 uuidd-2.36.2-150300.4.14.2 uuidd-debuginfo-2.36.2-150300.4.14.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.36.2-150300.4.14.3 libblkid-devel-static-2.36.2-150300.4.14.3 libblkid1-2.36.2-150300.4.14.3 libblkid1-debuginfo-2.36.2-150300.4.14.3 libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2 libfdisk-devel-2.36.2-150300.4.14.3 libfdisk1-2.36.2-150300.4.14.3 libfdisk1-debuginfo-2.36.2-150300.4.14.3 libmount-devel-2.36.2-150300.4.14.3 libmount1-2.36.2-150300.4.14.3 libmount1-debuginfo-2.36.2-150300.4.14.3 libsmartcols-devel-2.36.2-150300.4.14.3 libsmartcols1-2.36.2-150300.4.14.3 libsmartcols1-debuginfo-2.36.2-150300.4.14.3 libuuid-devel-2.36.2-150300.4.14.3 libuuid-devel-static-2.36.2-150300.4.14.3 libuuid1-2.36.2-150300.4.14.3 libuuid1-debuginfo-2.36.2-150300.4.14.3 shadow-4.8.1-150300.4.3.8 shadow-debuginfo-4.8.1-150300.4.3.8 shadow-debugsource-4.8.1-150300.4.3.8 util-linux-2.36.2-150300.4.14.3 util-linux-debuginfo-2.36.2-150300.4.14.3 util-linux-debugsource-2.36.2-150300.4.14.3 util-linux-systemd-2.36.2-150300.4.14.2 util-linux-systemd-debuginfo-2.36.2-150300.4.14.2 util-linux-systemd-debugsource-2.36.2-150300.4.14.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libblkid1-32bit-2.36.2-150300.4.14.3 libblkid1-32bit-debuginfo-2.36.2-150300.4.14.3 libmount1-32bit-2.36.2-150300.4.14.3 libmount1-32bit-debuginfo-2.36.2-150300.4.14.3 libuuid1-32bit-2.36.2-150300.4.14.3 libuuid1-32bit-debuginfo-2.36.2-150300.4.14.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): login_defs-4.8.1-150300.4.3.8 util-linux-lang-2.36.2-150300.4.14.3 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libblkid1-2.36.2-150300.4.14.3 libblkid1-debuginfo-2.36.2-150300.4.14.3 libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2 libfdisk1-2.36.2-150300.4.14.3 libfdisk1-debuginfo-2.36.2-150300.4.14.3 libmount1-2.36.2-150300.4.14.3 libmount1-debuginfo-2.36.2-150300.4.14.3 libsmartcols1-2.36.2-150300.4.14.3 libsmartcols1-debuginfo-2.36.2-150300.4.14.3 libuuid1-2.36.2-150300.4.14.3 libuuid1-debuginfo-2.36.2-150300.4.14.3 shadow-4.8.1-150300.4.3.8 shadow-debuginfo-4.8.1-150300.4.3.8 shadow-debugsource-4.8.1-150300.4.3.8 util-linux-2.36.2-150300.4.14.3 util-linux-debuginfo-2.36.2-150300.4.14.3 util-linux-debugsource-2.36.2-150300.4.14.3 util-linux-systemd-2.36.2-150300.4.14.2 util-linux-systemd-debuginfo-2.36.2-150300.4.14.2 util-linux-systemd-debugsource-2.36.2-150300.4.14.2 - SUSE Linux Enterprise Micro 5.1 (noarch): login_defs-4.8.1-150300.4.3.8 References: https://www.suse.com/security/cve/CVE-2021-3995.html https://www.suse.com/security/cve/CVE-2021-3996.html https://bugzilla.suse.com/1188507 https://bugzilla.suse.com/1192954 https://bugzilla.suse.com/1193632 https://bugzilla.suse.com/1194976 From sle-updates at lists.suse.com Fri Mar 4 17:16:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 18:16:52 +0100 (CET) Subject: SUSE-SU-2022:0735-1: important: Security update for zsh Message-ID: <20220304171652.2FCF9F381@maintenance.suse.de> SUSE Security Update: Security update for zsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0735-1 Rating: important References: #1163882 #1196435 Cross-References: CVE-2019-20044 CVE-2021-45444 CVSS scores: CVE-2019-20044 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-20044 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-45444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-45444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-735=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-735=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-735=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-735=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-735=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-735=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-735=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-735=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-735=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-735=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-735=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-735=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-735=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-735=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-735=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-735=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-735=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-735=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Manager Proxy 4.1 (x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 - SUSE CaaS Platform 4.0 (x86_64): zsh-5.6-7.5.1 zsh-debuginfo-5.6-7.5.1 zsh-debugsource-5.6-7.5.1 References: https://www.suse.com/security/cve/CVE-2019-20044.html https://www.suse.com/security/cve/CVE-2021-45444.html https://bugzilla.suse.com/1163882 https://bugzilla.suse.com/1196435 From sle-updates at lists.suse.com Fri Mar 4 17:17:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 18:17:59 +0100 (CET) Subject: SUSE-SU-2022:0736-1: important: Security update for vim Message-ID: <20220304171759.86AF0F381@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0736-1 Rating: important References: #1190533 #1190570 #1191893 #1192478 #1192481 #1193294 #1193298 #1194216 #1194556 #1195004 #1195066 #1195126 #1195202 #1195356 Cross-References: CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3927 CVE-2021-3928 CVE-2021-3984 CVE-2021-4019 CVE-2021-4193 CVE-2021-46059 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0361 CVE-2022-0413 CVSS scores: CVE-2021-3778 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3778 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3796 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H CVE-2021-3796 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3872 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3872 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3927 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3927 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3928 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3928 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3984 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3984 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-4019 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4019 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-4193 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-4193 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-46059 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0319 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-0351 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0351 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-0361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0361 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-0413 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0413 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-736=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-736=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-736=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-736=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-736=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-736=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-736=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-736=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-736=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-736=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-736=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-736=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-736=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-736=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-736=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-736=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-736=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-736=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-736=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-736=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-736=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-736=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-736=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-736=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-736=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-736=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Manager Server 4.1 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Manager Retail Branch Server 4.1 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Manager Proxy 4.1 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Manager Proxy 4.1 (x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 vim-small-8.0.1568-5.17.1 vim-small-debuginfo-8.0.1568-5.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 vim-small-8.0.1568-5.17.1 vim-small-debuginfo-8.0.1568-5.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 vim-small-8.0.1568-5.17.1 vim-small-debuginfo-8.0.1568-5.17.1 - SUSE Linux Enterprise Micro 5.1 (noarch): vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 vim-small-8.0.1568-5.17.1 vim-small-debuginfo-8.0.1568-5.17.1 - SUSE Linux Enterprise Micro 5.0 (noarch): vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Enterprise Storage 7 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 - SUSE Enterprise Storage 6 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE CaaS Platform 4.0 (noarch): vim-data-8.0.1568-5.17.1 vim-data-common-8.0.1568-5.17.1 - SUSE CaaS Platform 4.0 (x86_64): gvim-8.0.1568-5.17.1 gvim-debuginfo-8.0.1568-5.17.1 vim-8.0.1568-5.17.1 vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 References: https://www.suse.com/security/cve/CVE-2021-3778.html https://www.suse.com/security/cve/CVE-2021-3796.html https://www.suse.com/security/cve/CVE-2021-3872.html https://www.suse.com/security/cve/CVE-2021-3927.html https://www.suse.com/security/cve/CVE-2021-3928.html https://www.suse.com/security/cve/CVE-2021-3984.html https://www.suse.com/security/cve/CVE-2021-4019.html https://www.suse.com/security/cve/CVE-2021-4193.html https://www.suse.com/security/cve/CVE-2021-46059.html https://www.suse.com/security/cve/CVE-2022-0318.html https://www.suse.com/security/cve/CVE-2022-0319.html https://www.suse.com/security/cve/CVE-2022-0351.html https://www.suse.com/security/cve/CVE-2022-0361.html https://www.suse.com/security/cve/CVE-2022-0413.html https://bugzilla.suse.com/1190533 https://bugzilla.suse.com/1190570 https://bugzilla.suse.com/1191893 https://bugzilla.suse.com/1192478 https://bugzilla.suse.com/1192481 https://bugzilla.suse.com/1193294 https://bugzilla.suse.com/1193298 https://bugzilla.suse.com/1194216 https://bugzilla.suse.com/1194556 https://bugzilla.suse.com/1195004 https://bugzilla.suse.com/1195066 https://bugzilla.suse.com/1195126 https://bugzilla.suse.com/1195202 https://bugzilla.suse.com/1195356 From sle-updates at lists.suse.com Fri Mar 4 17:20:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 18:20:01 +0100 (CET) Subject: SUSE-SU-2022:0732-1: important: Security update for zsh Message-ID: <20220304172001.F2196F381@maintenance.suse.de> SUSE Security Update: Security update for zsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0732-1 Rating: important References: #1163882 #1196435 Cross-References: CVE-2019-20044 CVE-2021-45444 CVSS scores: CVE-2019-20044 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-20044 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-45444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-45444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-732=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-732=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-732=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-732=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): zsh-5.6-3.11.1 zsh-debuginfo-5.6-3.11.1 zsh-debugsource-5.6-3.11.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): zsh-5.6-3.11.1 zsh-debuginfo-5.6-3.11.1 zsh-debugsource-5.6-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): zsh-5.6-3.11.1 zsh-debuginfo-5.6-3.11.1 zsh-debugsource-5.6-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): zsh-5.6-3.11.1 zsh-debuginfo-5.6-3.11.1 zsh-debugsource-5.6-3.11.1 References: https://www.suse.com/security/cve/CVE-2019-20044.html https://www.suse.com/security/cve/CVE-2021-45444.html https://bugzilla.suse.com/1163882 https://bugzilla.suse.com/1196435 From sle-updates at lists.suse.com Fri Mar 4 17:20:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 18:20:49 +0100 (CET) Subject: SUSE-SU-2022:0733-1: important: Security update for zsh Message-ID: <20220304172049.9E64DF381@maintenance.suse.de> SUSE Security Update: Security update for zsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0733-1 Rating: important References: #1089030 #1163882 #1196435 Cross-References: CVE-2018-1100 CVE-2019-20044 CVE-2021-45444 CVSS scores: CVE-2018-1100 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-1100 (SUSE): 7.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2019-20044 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-20044 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-45444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-45444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-1100: Fixed a potential code execution via a stack-based buffer overflow in utils.c:checkmailpath() (bsc#1089030). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-733=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-733=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-733=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-733=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-733=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-733=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-733=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-733=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-733=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-733=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-733=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-733=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE OpenStack Cloud 9 (x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE OpenStack Cloud 8 (x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 - HPE Helion Openstack 8 (x86_64): zsh-5.0.5-6.19.1 zsh-debuginfo-5.0.5-6.19.1 zsh-debugsource-5.0.5-6.19.1 References: https://www.suse.com/security/cve/CVE-2018-1100.html https://www.suse.com/security/cve/CVE-2019-20044.html https://www.suse.com/security/cve/CVE-2021-45444.html https://bugzilla.suse.com/1089030 https://bugzilla.suse.com/1163882 https://bugzilla.suse.com/1196435 From sle-updates at lists.suse.com Fri Mar 4 17:21:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 18:21:43 +0100 (CET) Subject: SUSE-SU-2022:0731-1: important: Security update for mariadb Message-ID: <20220304172143.0414EF381@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0731-1 Rating: important References: #1195325 #1195334 #1195339 #1196016 SLE-22245 Cross-References: CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVSS scores: CVE-2021-46657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46657 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46658 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46658 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46659 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46659 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46661 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46664 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46665 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46668 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24048 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24050 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24052 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 12 vulnerabilities, contains one feature is now available. Description: This update for mariadb fixes the following issues: - Update to 10.5.15 (bsc#1196016): * 10.5.15: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.5.14: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-731=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.5.15-150300.3.15.1 libmariadbd19-10.5.15-150300.3.15.1 libmariadbd19-debuginfo-10.5.15-150300.3.15.1 mariadb-10.5.15-150300.3.15.1 mariadb-client-10.5.15-150300.3.15.1 mariadb-client-debuginfo-10.5.15-150300.3.15.1 mariadb-debuginfo-10.5.15-150300.3.15.1 mariadb-debugsource-10.5.15-150300.3.15.1 mariadb-tools-10.5.15-150300.3.15.1 mariadb-tools-debuginfo-10.5.15-150300.3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): mariadb-errormessages-10.5.15-150300.3.15.1 References: https://www.suse.com/security/cve/CVE-2021-46657.html https://www.suse.com/security/cve/CVE-2021-46658.html https://www.suse.com/security/cve/CVE-2021-46659.html https://www.suse.com/security/cve/CVE-2021-46661.html https://www.suse.com/security/cve/CVE-2021-46663.html https://www.suse.com/security/cve/CVE-2021-46664.html https://www.suse.com/security/cve/CVE-2021-46665.html https://www.suse.com/security/cve/CVE-2021-46668.html https://www.suse.com/security/cve/CVE-2022-24048.html https://www.suse.com/security/cve/CVE-2022-24050.html https://www.suse.com/security/cve/CVE-2022-24051.html https://www.suse.com/security/cve/CVE-2022-24052.html https://bugzilla.suse.com/1195325 https://bugzilla.suse.com/1195334 https://bugzilla.suse.com/1195339 https://bugzilla.suse.com/1196016 From sle-updates at lists.suse.com Fri Mar 4 17:22:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 18:22:40 +0100 (CET) Subject: SUSE-SU-2022:0734-1: important: Security update for python-Twisted Message-ID: <20220304172240.AE8A5F381@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0734-1 Rating: important References: #1195667 Cross-References: CVE-2022-21712 CVSS scores: CVE-2022-21712 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21712 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-21712: Fixed secret exposure in cross-origin redirects (bsc#1195667, GHSA-92x2-jw7w-xvvx) from Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-734=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-734=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-734=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-734=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-734=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-734=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Twisted-15.2.1-9.11.1 python-Twisted-debuginfo-15.2.1-9.11.1 python-Twisted-debugsource-15.2.1-9.11.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Twisted-15.2.1-9.11.1 python-Twisted-debuginfo-15.2.1-9.11.1 python-Twisted-debugsource-15.2.1-9.11.1 - SUSE OpenStack Cloud 9 (x86_64): python-Twisted-15.2.1-9.11.1 python-Twisted-debuginfo-15.2.1-9.11.1 python-Twisted-debugsource-15.2.1-9.11.1 - SUSE OpenStack Cloud 8 (x86_64): python-Twisted-15.2.1-9.11.1 python-Twisted-debuginfo-15.2.1-9.11.1 python-Twisted-debugsource-15.2.1-9.11.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-9.11.1 python-Twisted-debuginfo-15.2.1-9.11.1 python-Twisted-debugsource-15.2.1-9.11.1 - HPE Helion Openstack 8 (x86_64): python-Twisted-15.2.1-9.11.1 python-Twisted-debuginfo-15.2.1-9.11.1 python-Twisted-debugsource-15.2.1-9.11.1 References: https://www.suse.com/security/cve/CVE-2022-21712.html https://bugzilla.suse.com/1195667 From sle-updates at lists.suse.com Fri Mar 4 17:26:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 18:26:21 +0100 (CET) Subject: SUSE-SU-2022:0730-1: moderate: Security update for java-11-openjdk Message-ID: <20220304172621.899E3F381@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0730-1 Rating: moderate References: #1194925 #1194926 #1194927 #1194928 #1194929 #1194930 #1194931 #1194932 #1194933 #1194934 #1194935 #1194937 #1194939 #1194940 #1194941 Cross-References: CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 CVSS scores: CVE-2022-21248 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21248 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21277 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21277 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21282 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21282 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21283 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21283 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21291 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21291 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21293 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21293 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21294 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21294 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21296 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21299 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21305 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21305 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21340 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21340 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21341 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21341 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21360 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21360 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21365 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21365 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21366 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21366 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: - CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream. (bnc#1194926) - CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor. (bnc#1194930) - CVE-2022-21282: Fixed Insufficient URI checks in the XSLT TransformerImpl. (bnc#1194933) - CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern. (bnc#1194937) - CVE-2022-21291: Fixed Incorrect marking of writeable fields. (bnc#1194925) - CVE-2022-21293: Fixed Incomplete checks of StringBuffer and StringBuilder during deserialization. (bnc#1194935) - CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during deserialization. (bnc#1194934) - CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager. (bnc#1194932) - CVE-2022-21299: Fixed Infinite loop related to incorrect handling of newlines in XMLEntityScanner. (bnc#1194931) - CVE-2022-21305: Fixed Array indexing issues in LIRGenerator. (bnc#1194939) - CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest attributes. (bnc#1194940) - CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream. (bnc#1194941) - CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader. (bnc#1194929) - CVE-2022-21365: Fixed Integer overflow in BMPImageReader. (bnc#1194928) - CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor. (bnc#1194927) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-730=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.14.0-3.40.4 java-11-openjdk-debugsource-11.0.14.0-3.40.4 java-11-openjdk-demo-11.0.14.0-3.40.4 java-11-openjdk-devel-11.0.14.0-3.40.4 java-11-openjdk-headless-11.0.14.0-3.40.4 References: https://www.suse.com/security/cve/CVE-2022-21248.html https://www.suse.com/security/cve/CVE-2022-21277.html https://www.suse.com/security/cve/CVE-2022-21282.html https://www.suse.com/security/cve/CVE-2022-21283.html https://www.suse.com/security/cve/CVE-2022-21291.html https://www.suse.com/security/cve/CVE-2022-21293.html https://www.suse.com/security/cve/CVE-2022-21294.html https://www.suse.com/security/cve/CVE-2022-21296.html https://www.suse.com/security/cve/CVE-2022-21299.html https://www.suse.com/security/cve/CVE-2022-21305.html https://www.suse.com/security/cve/CVE-2022-21340.html https://www.suse.com/security/cve/CVE-2022-21341.html https://www.suse.com/security/cve/CVE-2022-21360.html https://www.suse.com/security/cve/CVE-2022-21365.html https://www.suse.com/security/cve/CVE-2022-21366.html https://bugzilla.suse.com/1194925 https://bugzilla.suse.com/1194926 https://bugzilla.suse.com/1194927 https://bugzilla.suse.com/1194928 https://bugzilla.suse.com/1194929 https://bugzilla.suse.com/1194930 https://bugzilla.suse.com/1194931 https://bugzilla.suse.com/1194932 https://bugzilla.suse.com/1194933 https://bugzilla.suse.com/1194934 https://bugzilla.suse.com/1194935 https://bugzilla.suse.com/1194937 https://bugzilla.suse.com/1194939 https://bugzilla.suse.com/1194940 https://bugzilla.suse.com/1194941 From sle-updates at lists.suse.com Fri Mar 4 20:16:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 21:16:04 +0100 (CET) Subject: SUSE-SU-2022:14904-1: important: Security update for libxml2 Message-ID: <20220304201604.58382F382@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14904-1 Rating: important References: #1196490 Cross-References: CVE-2022-23308 CVSS scores: CVE-2022-23308 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libxml2-14904=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libxml2-14904=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-14904=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libxml2-14904=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libxml2-2.7.6-0.77.43.1 libxml2-doc-2.7.6-0.77.43.1 libxml2-python-2.7.6-0.77.43.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.77.43.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libxml2-2.7.6-0.77.43.1 libxml2-doc-2.7.6-0.77.43.1 libxml2-python-2.7.6-0.77.43.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.77.43.1 libxml2-debugsource-2.7.6-0.77.43.1 libxml2-python-debuginfo-2.7.6-0.77.43.1 libxml2-python-debugsource-2.7.6-0.77.43.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libxml2-debuginfo-2.7.6-0.77.43.1 libxml2-debugsource-2.7.6-0.77.43.1 libxml2-python-debuginfo-2.7.6-0.77.43.1 libxml2-python-debugsource-2.7.6-0.77.43.1 References: https://www.suse.com/security/cve/CVE-2022-23308.html https://bugzilla.suse.com/1196490 From sle-updates at lists.suse.com Fri Mar 4 20:16:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Mar 2022 21:16:37 +0100 (CET) Subject: SUSE-RU-2022:0738-1: moderate: Recommended update for mdadm Message-ID: <20220304201637.A03C1F382@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0738-1 Rating: moderate References: #1190376 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm fixes the following issues: - Incremental: Remove redundant spare movement logic. (bsc#1190376) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-738=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mdadm-4.1-4.23.3 mdadm-debuginfo-4.1-4.23.3 mdadm-debugsource-4.1-4.23.3 References: https://bugzilla.suse.com/1190376 From sle-updates at lists.suse.com Sat Mar 5 08:07:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Mar 2022 09:07:12 +0100 (CET) Subject: SUSE-CU-2022:246-1: Security update of suse/sle15 Message-ID: <20220305080712.A34BFF386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:246-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.518 Container Release : 4.22.518 Severity : important Type : security References : 1190447 1196036 CVE-2022-24407 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following package changes have been done: - filesystem-15.0-11.5.1 updated - libsasl2-3-2.1.26-5.10.1 updated From sle-updates at lists.suse.com Sat Mar 5 08:28:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Mar 2022 09:28:50 +0100 (CET) Subject: SUSE-CU-2022:247-1: Recommended update of suse/sle15 Message-ID: <20220305082850.280ACF386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:247-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.574 Container Release : 6.2.574 Severity : moderate Type : recommended References : 1187512 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) The following package changes have been done: - libaugeas0-1.10.1-3.5.1 updated From sle-updates at lists.suse.com Sat Mar 5 08:29:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Mar 2022 09:29:01 +0100 (CET) Subject: SUSE-CU-2022:248-1: Security update of suse/sle15 Message-ID: <20220305082901.89298F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:248-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.576 Container Release : 6.2.576 Severity : important Type : security References : 1190447 1196036 CVE-2022-24407 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following package changes have been done: - filesystem-15.0-11.5.1 updated - libsasl2-3-2.1.26-5.10.1 updated From sle-updates at lists.suse.com Sun Mar 6 07:59:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 08:59:55 +0100 (CET) Subject: SUSE-CU-2022:250-1: Recommended update of suse/sle15 Message-ID: <20220306075955.92FE9F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:250-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.93 Container Release : 9.5.93 Severity : moderate Type : recommended References : 1187512 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) The following package changes have been done: - libaugeas0-1.10.1-3.5.1 updated From sle-updates at lists.suse.com Sun Mar 6 08:00:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:00:17 +0100 (CET) Subject: SUSE-CU-2022:252-1: Security update of suse/sle15 Message-ID: <20220306080017.9CB27F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:252-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.96 Container Release : 9.5.96 Severity : important Type : security References : 1190447 1196036 1196167 CVE-2021-4209 CVE-2022-24407 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). The following package changes have been done: - filesystem-15.0-11.5.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libsasl2-3-2.1.26-5.10.1 updated From sle-updates at lists.suse.com Sun Mar 6 08:02:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:02:11 +0100 (CET) Subject: SUSE-CU-2022:253-1: Security update of bci/golang Message-ID: <20220306080211.DD657F386@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:253-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-10.26 Container Release : 10.26 Severity : important Type : security References : 1182345 1187512 1188348 1188507 1190447 1192954 1193632 1194976 1195834 1195835 1195838 CVE-2021-3995 CVE-2021-3996 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:724-1 Released: Fri Mar 4 10:34:01 2022 Summary: Security update for go1.16 Type: security Severity: important References: 1182345,1195834,1195835,1195838,CVE-2022-23772,CVE-2022-23773,CVE-2022-23806 This update for go1.16 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50700 math/big: Rat.SetString may consume large amount of RAM and crash - go#50686 cmd/go: do not treat branches with semantic-version names as releases - go#50866 cmd/compile: incorrect use of CMN on arm64 - go#50832 runtime/race: NoRaceMutexPureHappensBefore failures - go#50811 cmd/go: remove bitbucket VCS probing - go#50780 runtime: incorrect frame information in traceback traversal may hang the process. - go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50645 testing: surprising interaction of subtests with TempDir - go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) The following package changes have been done: - filesystem-15.0-11.5.1 updated - go1.16-1.16.14-1.43.1 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libfdisk1-2.36.2-150300.4.14.3 updated - libmount1-2.36.2-150300.4.14.3 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - login_defs-4.8.1-150300.4.3.8 updated - shadow-4.8.1-150300.4.3.8 updated - util-linux-2.36.2-150300.4.14.3 updated - container:sles15-image-15.0.0-17.8.86 updated From sle-updates at lists.suse.com Sun Mar 6 08:03:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:03:21 +0100 (CET) Subject: SUSE-CU-2022:254-1: Security update of bci/golang Message-ID: <20220306080321.AFE98F386@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:254-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-9.24 , bci/golang:latest Container Release : 9.24 Severity : important Type : security References : 1187512 1188348 1188507 1190447 1190649 1192954 1193632 1194976 1195834 1195835 1195838 CVE-2021-3995 CVE-2021-3996 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:723-1 Released: Fri Mar 4 10:31:46 2022 Summary: Security update for go1.17 Type: security Severity: important References: 1190649,1195834,1195835,1195838,CVE-2022-23772,CVE-2022-23773,CVE-2022-23806 This update for go1.17 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50701 math/big: Rat.SetString may consume large amount of RAM and crash - go#50687 cmd/go: do not treat branches with semantic-version names as releases - go#50942 cmd/asm: 'compile: loop' compiler bug? - go#50867 cmd/compile: incorrect use of CMN on arm64 - go#50812 cmd/go: remove bitbucket VCS probing - go#50781 runtime: incorrect frame information in traceback traversal may hang the process. - go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50297 cmd/link: does not set section type of .init_array correctly - go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) The following package changes have been done: - filesystem-15.0-11.5.1 updated - go1.17-1.17.7-1.20.1 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libfdisk1-2.36.2-150300.4.14.3 updated - libmount1-2.36.2-150300.4.14.3 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - login_defs-4.8.1-150300.4.3.8 updated - shadow-4.8.1-150300.4.3.8 updated - util-linux-2.36.2-150300.4.14.3 updated - container:sles15-image-15.0.0-17.8.86 updated From sle-updates at lists.suse.com Sun Mar 6 08:04:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:04:05 +0100 (CET) Subject: SUSE-CU-2022:255-1: Security update of bci/nodejs Message-ID: <20220306080405.465C4F386@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:255-1 Container Tags : bci/node:12 , bci/node:12-11.15 , bci/nodejs:12 , bci/nodejs:12-11.15 Container Release : 11.15 Severity : important Type : security References : 1191962 1191963 1192153 1192154 1192696 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:657-1 Released: Wed Mar 2 10:11:51 2022 Summary: Security update for nodejs12 Type: security Severity: important References: 1191962,1191963,1192153,1192154,1192696,CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918 This update for nodejs12 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). The following package changes have been done: - nodejs12-12.22.10-4.29.3 updated - npm12-12.22.10-4.29.3 updated - container:sles15-image-15.0.0-17.8.83 updated From sle-updates at lists.suse.com Sun Mar 6 08:04:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:04:52 +0100 (CET) Subject: SUSE-CU-2022:256-1: Security update of bci/nodejs Message-ID: <20220306080452.0D351F386@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:256-1 Container Tags : bci/node:14 , bci/node:14-14.13 , bci/nodejs:14 , bci/nodejs:14-14.13 Container Release : 14.13 Severity : important Type : security References : 1187512 1188348 1188507 1190447 1191962 1191963 1192153 1192154 1192696 1192954 1193632 1194976 1196025 1196026 1196168 1196169 1196171 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVE-2021-3995 CVE-2021-3996 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:715-1 Released: Fri Mar 4 09:37:47 2022 Summary: Security update for nodejs14 Type: security Severity: important References: 1191962,1191963,1192153,1192154,1192696,CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918 This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) The following package changes have been done: - filesystem-15.0-11.5.1 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.15.1 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libmount1-2.36.2-150300.4.14.3 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - login_defs-4.8.1-150300.4.3.8 updated - nodejs14-14.19.0-15.27.1 updated - npm14-14.19.0-15.27.1 updated - shadow-4.8.1-150300.4.3.8 updated - util-linux-2.36.2-150300.4.14.3 updated - container:sles15-image-15.0.0-17.8.86 updated From sle-updates at lists.suse.com Sun Mar 6 08:05:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:05:12 +0100 (CET) Subject: SUSE-CU-2022:257-1: Security update of suse/rmt-mariadb-client Message-ID: <20220306080512.C5AE0F386@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:257-1 Container Tags : suse/rmt-mariadb-client:10.5 , suse/rmt-mariadb-client:10.5-4.6 , suse/rmt-mariadb-client:latest Container Release : 4.6 Severity : important Type : security References : 1195325 1195334 1195339 1196016 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:731-1 Released: Fri Mar 4 14:47:06 2022 Summary: Security update for mariadb Type: security Severity: important References: 1195325,1195334,1195339,1196016,CVE-2021-46657,CVE-2021-46658,CVE-2021-46659,CVE-2021-46661,CVE-2021-46663,CVE-2021-46664,CVE-2021-46665,CVE-2021-46668,CVE-2022-24048,CVE-2022-24050,CVE-2022-24051,CVE-2022-24052 This update for mariadb fixes the following issues: - Update to 10.5.15 (bsc#1196016): * 10.5.15: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.5.14: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 The following package changes have been done: - mariadb-errormessages-10.5.15-150300.3.15.1 updated - mariadb-client-10.5.15-150300.3.15.1 updated From sle-updates at lists.suse.com Sun Mar 6 08:05:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:05:30 +0100 (CET) Subject: SUSE-CU-2022:258-1: Security update of suse/rmt-mariadb Message-ID: <20220306080530.9FFC3F386@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:258-1 Container Tags : suse/rmt-mariadb:10.5 , suse/rmt-mariadb:10.5-3.5 , suse/rmt-mariadb:latest Container Release : 3.5 Severity : important Type : security References : 1188348 1188507 1192954 1193632 1194976 1195325 1195334 1195339 1196016 1196025 1196026 1196168 1196169 1196171 CVE-2021-3995 CVE-2021-3996 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:731-1 Released: Fri Mar 4 14:47:06 2022 Summary: Security update for mariadb Type: security Severity: important References: 1195325,1195334,1195339,1196016,CVE-2021-46657,CVE-2021-46658,CVE-2021-46659,CVE-2021-46661,CVE-2021-46663,CVE-2021-46664,CVE-2021-46665,CVE-2021-46668,CVE-2022-24048,CVE-2022-24050,CVE-2022-24051,CVE-2022-24052 This update for mariadb fixes the following issues: - Update to 10.5.15 (bsc#1196016): * 10.5.15: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.5.14: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 The following package changes have been done: - mariadb-client-10.5.15-150300.3.15.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.15.1 updated - mariadb-errormessages-10.5.15-150300.3.15.1 updated - util-linux-2.36.2-150300.4.14.3 updated - mariadb-10.5.15-150300.3.15.1 updated - mariadb-tools-10.5.15-150300.3.15.1 updated From sle-updates at lists.suse.com Sun Mar 6 08:15:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:15:19 +0100 (CET) Subject: SUSE-CU-2022:259-1: Recommended update of suse/sle15 Message-ID: <20220306081519.A9B92F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:259-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.84 Container Release : 17.8.84 Severity : moderate Type : recommended References : 1187512 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) The following package changes have been done: - libaugeas0-1.10.1-3.5.1 updated From sle-updates at lists.suse.com Sun Mar 6 08:15:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:15:28 +0100 (CET) Subject: SUSE-CU-2022:260-1: Recommended update of suse/sle15 Message-ID: <20220306081528.3D875F386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:260-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.85 Container Release : 17.8.85 Severity : moderate Type : recommended References : 1190447 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). The following package changes have been done: - filesystem-15.0-11.5.1 updated From sle-updates at lists.suse.com Sun Mar 6 08:15:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 6 Mar 2022 09:15:36 +0100 (CET) Subject: SUSE-CU-2022:261-1: Security update of suse/sle15 Message-ID: <20220306081536.443ADF386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:261-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.86 Container Release : 17.8.86 Severity : moderate Type : security References : 1188348 1188507 1192954 1193632 1194976 CVE-2021-3995 CVE-2021-3996 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) The following package changes have been done: - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libfdisk1-2.36.2-150300.4.14.3 updated - libmount1-2.36.2-150300.4.14.3 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - login_defs-4.8.1-150300.4.3.8 updated - shadow-4.8.1-150300.4.3.8 updated - util-linux-2.36.2-150300.4.14.3 updated From sle-updates at lists.suse.com Mon Mar 7 11:16:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Mar 2022 12:16:57 +0100 (CET) Subject: SUSE-RU-2022:0739-1: moderate: Recommended update for mdadm Message-ID: <20220307111657.603C7F387@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0739-1 Rating: moderate References: #1183229 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm fixes the following issues: - Monitor: print message before quit for no array to monitor (bsc#1183229) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-739=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-739=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): mdadm-4.1-150300.24.9.1 mdadm-debuginfo-4.1-150300.24.9.1 mdadm-debugsource-4.1-150300.24.9.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): mdadm-4.1-150300.24.9.1 mdadm-debuginfo-4.1-150300.24.9.1 mdadm-debugsource-4.1-150300.24.9.1 References: https://bugzilla.suse.com/1183229 From sle-updates at lists.suse.com Mon Mar 7 17:16:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Mar 2022 18:16:55 +0100 (CET) Subject: SUSE-RU-2022:0740-1: moderate: Recommended update for supportutils-plugin-cloud-init Message-ID: <20220307171655.E3DA4F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0740-1 Rating: moderate References: #1195961 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-cloud-init contains the following fixes: - Script name stripped for dashes and dots, which made the execution fail. (bsc#1195961) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-740=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-740=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-740=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): supportutils-plugin-cloud-init-1.1-3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): supportutils-plugin-cloud-init-1.1-3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): supportutils-plugin-cloud-init-1.1-3.6.1 References: https://bugzilla.suse.com/1195961 From sle-updates at lists.suse.com Tue Mar 8 02:16:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 03:16:54 +0100 (CET) Subject: SUSE-SU-2022:0743-1: important: Security update for cyrus-sasl Message-ID: <20220308021654.CB778F386@maintenance.suse.de> SUSE Security Update: Security update for cyrus-sasl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0743-1 Rating: important References: #1194265 #1196036 Cross-References: CVE-2022-24407 CVSS scores: CVE-2022-24407 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24407 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-743=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-743=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-743=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-743=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): cyrus-sasl-bdb-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-bdb-debugsource-2.1.27-150300.4.6.1 cyrus-sasl-bdb-devel-2.1.27-150300.4.6.1 cyrus-sasl-saslauthd-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-saslauthd-debugsource-2.1.27-150300.4.6.1 cyrus-sasl-sqlauxprop-2.1.27-150300.4.6.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.27-150300.4.6.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): cyrus-sasl-bdb-2.1.27-150300.4.6.1 cyrus-sasl-bdb-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-bdb-debugsource-2.1.27-150300.4.6.1 cyrus-sasl-bdb-digestmd5-2.1.27-150300.4.6.1 cyrus-sasl-bdb-digestmd5-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-bdb-gs2-2.1.27-150300.4.6.1 cyrus-sasl-bdb-gs2-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-bdb-gssapi-2.1.27-150300.4.6.1 cyrus-sasl-bdb-gssapi-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-bdb-ntlm-2.1.27-150300.4.6.1 cyrus-sasl-bdb-ntlm-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-bdb-otp-2.1.27-150300.4.6.1 cyrus-sasl-bdb-otp-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-bdb-plain-2.1.27-150300.4.6.1 cyrus-sasl-bdb-plain-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-bdb-scram-2.1.27-150300.4.6.1 cyrus-sasl-bdb-scram-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.6.1 cyrus-sasl-saslauthd-bdb-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-saslauthd-bdb-debugsource-2.1.27-150300.4.6.1 cyrus-sasl-sqlauxprop-bdb-2.1.27-150300.4.6.1 cyrus-sasl-sqlauxprop-bdb-debuginfo-2.1.27-150300.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cyrus-sasl-2.1.27-150300.4.6.1 cyrus-sasl-crammd5-2.1.27-150300.4.6.1 cyrus-sasl-crammd5-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-debugsource-2.1.27-150300.4.6.1 cyrus-sasl-devel-2.1.27-150300.4.6.1 cyrus-sasl-digestmd5-2.1.27-150300.4.6.1 cyrus-sasl-digestmd5-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-gssapi-2.1.27-150300.4.6.1 cyrus-sasl-gssapi-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-otp-2.1.27-150300.4.6.1 cyrus-sasl-otp-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-plain-2.1.27-150300.4.6.1 cyrus-sasl-plain-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-saslauthd-2.1.27-150300.4.6.1 cyrus-sasl-saslauthd-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-saslauthd-debugsource-2.1.27-150300.4.6.1 libsasl2-3-2.1.27-150300.4.6.1 libsasl2-3-debuginfo-2.1.27-150300.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): cyrus-sasl-32bit-2.1.27-150300.4.6.1 cyrus-sasl-32bit-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-crammd5-32bit-2.1.27-150300.4.6.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-digestmd5-32bit-2.1.27-150300.4.6.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-gssapi-32bit-2.1.27-150300.4.6.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-plain-32bit-2.1.27-150300.4.6.1 cyrus-sasl-plain-32bit-debuginfo-2.1.27-150300.4.6.1 libsasl2-3-32bit-2.1.27-150300.4.6.1 libsasl2-3-32bit-debuginfo-2.1.27-150300.4.6.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): cyrus-sasl-2.1.27-150300.4.6.1 cyrus-sasl-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-debugsource-2.1.27-150300.4.6.1 cyrus-sasl-digestmd5-2.1.27-150300.4.6.1 cyrus-sasl-digestmd5-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-gssapi-2.1.27-150300.4.6.1 cyrus-sasl-gssapi-debuginfo-2.1.27-150300.4.6.1 libsasl2-3-2.1.27-150300.4.6.1 libsasl2-3-debuginfo-2.1.27-150300.4.6.1 References: https://www.suse.com/security/cve/CVE-2022-24407.html https://bugzilla.suse.com/1194265 https://bugzilla.suse.com/1196036 From sle-updates at lists.suse.com Tue Mar 8 08:02:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 09:02:10 +0100 (CET) Subject: SUSE-CU-2022:263-1: Security update of bci/bci-init Message-ID: <20220308080210.036A9F386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:263-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.10.2 , bci/bci-init:latest Container Release : 10.2 Severity : important Type : security References : 1176804 1177598 1181640 1182998 1187512 1188348 1188507 1188520 1188914 1190447 1192954 1193166 1193273 1193632 1194976 1196025 1196026 1196168 1196169 1196171 CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291 CVE-2021-3602 CVE-2021-3995 CVE-2021-3996 CVE-2021-4024 CVE-2021-41190 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: 23018 Released: Fri Mar 4 08:31:54 2022 Summary: Security update for conmon, libcontainers-common, libseccomp, podman Type: security Severity: moderate References: 1176804,1177598,1181640,1182998,1188520,1188914,1193166,1193273,CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602,CVE-2021-4024,CVE-2021-41190 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert '.cirrus.yml: use fresh images for all VMs' * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common at v0.38.16 * vendor containers/buildah at v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common at v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common at v0.38.14 * vendor containers/common at v0.38.13 * [3.2] vendor containers/common at v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common at v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common at v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common at v0.38.7 * [v3.2] vendor containers/common at v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage at v1.31.3 * vendor containers/common at v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) The following package changes have been done: - filesystem-15.0-11.5.1 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.15.1 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libmount1-2.36.2-150300.4.14.3 updated - libseccomp2-2.5.3-150300.10.5.1 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - login_defs-4.8.1-150300.4.3.8 updated - shadow-4.8.1-150300.4.3.8 updated - util-linux-2.36.2-150300.4.14.3 updated - container:sles15-image-15.0.0-17.8.87 updated From sle-updates at lists.suse.com Tue Mar 8 08:02:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 09:02:54 +0100 (CET) Subject: SUSE-CU-2022:266-1: Recommended update of bci/bci-minimal Message-ID: <20220308080254.2991DF386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:266-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.22.2 , bci/bci-minimal:latest Container Release : 22.2 Severity : moderate Type : recommended References : 1190447 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). The following package changes have been done: - filesystem-15.0-11.5.1 updated - container:micro-image-15.3.0-11.1 updated From sle-updates at lists.suse.com Tue Mar 8 08:02:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 09:02:34 +0100 (CET) Subject: SUSE-CU-2022:265-1: Recommended update of bci/bci-micro Message-ID: <20220308080234.D917DF386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:265-1 Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.11.1 , bci/bci-micro:latest Container Release : 11.1 Severity : moderate Type : recommended References : 1190447 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). The following package changes have been done: - filesystem-15.0-11.5.1 updated From sle-updates at lists.suse.com Tue Mar 8 08:02:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 09:02:17 +0100 (CET) Subject: SUSE-CU-2022:264-1: Security update of bci/bci-init Message-ID: <20220308080217.A1CF0F386@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:264-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.10.6 , bci/bci-init:latest Container Release : 10.6 Severity : important Type : security References : 1194265 1196036 CVE-2022-24407 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). The following package changes have been done: - libsasl2-3-2.1.27-150300.4.6.1 updated - container:sles15-image-15.0.0-17.8.88 updated From sle-updates at lists.suse.com Tue Mar 8 08:12:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 09:12:55 +0100 (CET) Subject: SUSE-CU-2022:268-1: Security update of suse/sle15 Message-ID: <20220308081255.4F7DAF386@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:268-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.88 Container Release : 17.8.88 Severity : important Type : security References : 1194265 1196036 CVE-2022-24407 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). The following package changes have been done: - libsasl2-3-2.1.27-150300.4.6.1 updated From sle-updates at lists.suse.com Tue Mar 8 17:16:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 18:16:09 +0100 (CET) Subject: SUSE-RU-2022:0746-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220308171609.28FFEF386@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0746-1 Rating: moderate References: #1097531 #1190462 #1190781 #1193357 #1193565 #1194363 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Fix possible traceback on ip6_interface grain (bsc#1193565) - Don't check for cached pillar errors on state.apply (bsc#1190781) - Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. spacecmd: - Version 4.3.7-1 * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) - Version 4.3.6-1 * Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-BETA-2022-746=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA (all): salt-common-3000+ds-1+2.24.1 salt-minion-3000+ds-1+2.24.1 spacecmd-4.3.7-2.25.1 References: https://bugzilla.suse.com/1097531 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1190781 https://bugzilla.suse.com/1193357 https://bugzilla.suse.com/1193565 https://bugzilla.suse.com/1194363 From sle-updates at lists.suse.com Tue Mar 8 17:17:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 18:17:09 +0100 (CET) Subject: SUSE-RU-2022:0745-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220308171709.798FAF386@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0745-1 Rating: moderate References: #1097531 #1190462 #1193357 #1194363 #1195625 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Update generated documentation to 3004 - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html spacecmd: - Version 4.3.7-1 * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) - Version 4.3.6-1 * Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-2022-745=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (all): salt-common-3004+ds-1+2.33.2 salt-minion-3004+ds-1+2.33.2 spacecmd-4.3.7-2.26.2 References: https://bugzilla.suse.com/1097531 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1193357 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1195625 From sle-updates at lists.suse.com Tue Mar 8 17:17:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 18:17:58 +0100 (CET) Subject: SUSE-RU-2022:0744-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220308171758.42C1CF386@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0744-1 Rating: moderate References: #1097531 #1190462 #1193357 #1194363 #1195625 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Update generated documentation to 3004 - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html spacecmd: - Version 4.3.7-1 * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) - Version 4.3.6-1 * Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-20.04-CLIENT-TOOLS-BETA-2022-744=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all): salt-common-3004+ds-1+2.36.2 salt-minion-3004+ds-1+2.36.2 spacecmd-4.3.7-2.27.1 References: https://bugzilla.suse.com/1097531 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1193357 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1195625 From sle-updates at lists.suse.com Tue Mar 8 17:18:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 18:18:52 +0100 (CET) Subject: SUSE-RU-2022:0747-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220308171852.DD940F386@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0747-1 Rating: moderate References: #1097531 #1190462 #1193357 #1194363 #1195625 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Update generated documentation to 3004 - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html spacecmd: - Version 4.3.7-1 * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) - Version 4.3.6-1 * Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-18.04-CLIENT-TOOLS-BETA-2022-747=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all): salt-common-3004+ds-1+27.51.1 salt-minion-3004+ds-1+27.51.1 spacecmd-4.3.7-2.33.1 References: https://bugzilla.suse.com/1097531 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1193357 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1195625 From sle-updates at lists.suse.com Tue Mar 8 17:19:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 18:19:47 +0100 (CET) Subject: SUSE-SU-2022:0751-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20220308171947.CE6DEF386@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0751-1 Rating: moderate References: #1097531 #1181400 #1190462 #1193357 #1194363 #1194873 #1195625 #1195726 #1195727 #1195728 SLE-22863 SLE-23422 SLE-23439 Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-39226 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-21673 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVSS scores: CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41244 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21673 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21673 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21702 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-21702 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVE-2022-21703 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-21703 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-21713 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that fixes 12 vulnerabilities, contains three features is now available. Description: This security update fixes the following issues: golang-github-prometheus-prometheus: - Upgrade to upstream version 2.32.1 (jsc#SLE-22863) + Bugfixes: * Scrape: Fix reporting metrics when sample limit is reached during the report. #9996 * Scrape: Ensure that scrape interval and scrape timeout are always set. #10023 * TSDB: Expose and fix bug in iterators' Seek() method. #10030 - Upgrade to upstream version 2.32.0 + Change: * remote-write: Change default max retry time from 100ms to 5 seconds. #9634 + Features: * Agent: New mode of operation optimized for remote-write only scenarios, without local storage. * Promtool: Add promtool check service-discovery command. #8970 + Enhancements: * Promtool: Improve test output. #8064 * Promtool: Use kahan summation for better numerical stability. * Remote-write: Reuse memory for marshalling. #9412 * Scrape: Add scrape_body_size_bytes scrape metric behind the --enable-feature=extra-scrape-metrics flag. #9569 * TSDB: Add windows arm64 support. #9703 * TSDB: Optimize query by skipping unneeded sorting in TSDB. * Templates: Support int and uint as datatypes for template formatting. #9680 * UI: Prefer rate over rad, delta over deg, and count over cos in autocomplete. #9688 * TSDB: Add more size checks when writing individual sections in the index. #9710 * PromQL: Make deriv() return zero values for constant series. * TSDB: Fix panic when checkpoint directory is empty. #9687 * TSDB: Fix panic, out of order chunks, and race warning during WAL replay. #9856 * UI: Correctly render links for targets with IPv6 addresses that contain a Zone ID. #9853 * Promtool: Fix checking of authorization.credentials_file and bearer_token_file fields. #9883 * Uyuni SD: Fix null pointer exception during initialization. * TSDB: Fix queries after a failed snapshot replay. #9980 - Upgrade to upstream version 2.31.1 + Bugfix: * SD: Fix a panic when the experimental discovery manager receives targets during a reload. #9656 - Upgrade to upstream version 2.31.0 * UI: Remove standard PromQL editor in favour of the codemirror-based editor. #9452 * PromQL: Add trigonometric functions and atan2 binary operator. #9239 #9248 #9515 * Remote: Add support for exemplar in the remote write receiver endpoint. #9319 #9414 * SD: Add PuppetDB service discovery. #8883 * SD: Add Uyuni service discovery. #8190 * Web: Add support for security-related HTTP headers. #9546 * Azure SD: Add proxy_url, follow_redirects, tls_config. #9267 * Backfill: Add --max-block-duration in promtool create-blocks-from rules. #9511 * Config: Print human-readable sizes with unit instead of raw numbers. #9361 * HTTP: Re-enable HTTP/2. #9398 * Kubernetes SD: Warn user if number of endpoints exceeds limit. #9467 * OAuth2: Add TLS configuration to token requests. #9550 * PromQL: Several optimizations. #9365 #9360 #9362 #9552 * PromQL: Make aggregations deterministic in instant queries. * Rules: Add the ability to limit number of alerts or series. * SD: Experimental discovery manager to avoid restarts upon reload. * UI: Debounce timerange setting changes. #9359 * Backfill: Apply rule labels after query labels. #9421 * Scrape: Resolve conflicts between multiple exported label prefixes. #9479 #9518 * Scrape: Restart scrape loops when __scrape_interval__ is changed. #9551 * TSDB: Fix memory leak in samples deletion. #9151 * UI: Use consistent margin-bottom for all alert kinds. #9318 - Upgrade to upstream version 2.30.3 * TSDB: Fix panic on failed snapshot replay. #9438 * TSDB: Don't fail snapshot replay with exemplar storage disabled when the snapshot contains exemplars. #9438 - Upgrade to upstream version 2.30.2 * TSDB: Don't error on overlapping m-mapped chunks during WAL replay. #9381 - Upgrade to upstream version 2.30.1 * Remote Write: Redact remote write URL when used for metric label. #9383 * UI: Redact remote write URL and proxy URL passwords in the /config page. #9408 * promtool rules backfill: Prevent creation of data before the start time. #9339 * promtool rules backfill: Do not query after the end time. * Azure SD: Fix panic when no computername is set. #9387 - Upgrade to upstream version 2.30.0 * experimental TSDB: Snapshot in-memory chunks on shutdown for faster restarts. #7229 * experimental Scrape: Configure scrape interval and scrape timeout via relabeling using __scrape_interval__ and __scrape_timeout__ labels respectively. #8911 * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric. #9247 #9295 * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape timestamp tolerance when enabled via --scrape.adjust-timestamps. #9283 * Remote Write: Improve throughput when sending exemplars. * TSDB: Optimise WAL loading by removing extra map and caching min-time #9160 * promtool: Speed up checking for duplicate rules. #9262/#9306 * Scrape: Reduce allocations when parsing the metrics. #9299 * docker_sd: Support host network mode #9125 * Exemplars: Fix panic when resizing exemplar storage from 0 to a non-zero size. #9286 * TSDB: Correctly decrement prometheus_tsdb_head_active_appenders when the append has no samples. #9230 * promtool rules backfill: Return 1 if backfill was unsuccessful. #9303 * promtool rules backfill: Avoid creation of overlapping blocks. #9324 * config: Fix a panic when reloading configuration with a null relabel action. #9224 - Upgrade to upstream version 2.29.2 * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22. #9205 * Fix data race in loading write-ahead-log (WAL). #9259 - Upgrade to upstream version 2.29.1 * TSDB: align atomically accessed int64 to prevent panic in 32-bit archs. #9192 - Upgrade to upstream version 2.29.0 + Changes: * Promote --storage.tsdb.allow-overlapping-blocks flag to stable. #9117 * Promote --storage.tsdb.retention.size flag to stable. #9004 * Add Kuma service discovery. #8844 * Add present_over_time PromQL function. #9097 * Allow configuring exemplar storage via file and make it reloadable. #8974 * UI: Allow selecting time range with mouse drag. #8977 * promtool: Add feature flags flag --enable-feature. #8958 * promtool: Add file_sd file validation. #8950 * Reduce blocking of outgoing remote write requests from series garbage collection. #9109 * Improve write-ahead-log decoding performance. #9106 * Improve append performance in TSDB by reducing mutexes usage. * Allow configuring max_samples_per_send for remote write metadata. #8959 * Add __meta_gce_interface_ipv4_ meta label to GCE discovery. #8978 * Add __meta_ec2_availability_zone_id meta label to EC2 discovery. #8896 * Add __meta_azure_machine_computer_name meta label to Azure discovery. #9112 * Add __meta_hetzner_hcloud_labelpresent_ meta label to Hetzner discovery. #9028 * promtool: Add compaction efficiency to promtool tsdb analyze reports. #8940 * promtool: Allow configuring max block duration for backfilling via --max-block-duration flag. #8919 * UI: Add sorting and filtering to flags page. #8988 * UI: Improve alerts page rendering performance. #9005 * Log when total symbol size exceeds 2^32 bytes, causing compaction to fail, and skip compaction. #9104 * Fix incorrect target_limit reloading of zero value. #9120 * Fix head GC and pending readers race condition. #9081 * Fix timestamp handling in OpenMetrics parser. #9008 * Fix potential duplicate metrics in /federate endpoint when specifying multiple matchers. #8885 * Fix server configuration and validation for authentication via client cert. #9123 * Allow start and end again as label names in PromQL queries. They were disallowed since the introduction of @ timestamp feature. #9119 - Upgrade to upstream version 2.28.1 * HTTP SD: Allow charset specification in Content-Type header. * HTTP SD: Fix handling of disappeared target groups. #9019 * Fix incorrect log-level handling after moving to go-kit/log. - Upgrade to upstream version 2.28.0 * UI: Make the new experimental PromQL editor the default. * Linode SD: Add Linode service discovery. #8846 * HTTP SD: Add generic HTTP-based service discovery. #8839 * Kubernetes SD: Allow configuring API Server access via a kubeconfig file. #8811 * UI: Add exemplar display support to the graphing interface. * Consul SD: Add namespace support for Consul Enterprise. #8900 * Promtool: Allow silencing output when importing / backfilling data. #8917 * Consul SD: Support reading tokens from file. #8926 * Rules: Add a new .ExternalURL alert field templating variable, containing the external URL of the Prometheus server. #8878 * Scrape: Add experimental body_size_limit scrape configuration setting to limit the allowed response body size for target scrapes. #8833 #8886 * Kubernetes SD: Add ingress class name label for ingress discovery. #8916 * UI: Show a startup screen with progress bar when the TSDB is not ready yet. #8662 #8908 #8909 #8946 * SD: Add a target creation failure counter prometheus_target_sync_failed_total and improve target creation failure handling. #8786 * TSDB: Improve validation of exemplar label set length. #8816 * TSDB: Add a prometheus_tsdb_clean_start metric that indicates whether a TSDB lockfile from a previous run still existed upon startup. #8824 * UI: In the experimental PromQL editor, fix autocompletion and parsing for special float values and improve series metadata fetching. #8856 * TSDB: When merging chunks, split resulting chunks if they would contain more than the maximum of 120 samples. #8582 * SD: Fix the computation of the prometheus_sd_discovered_targets metric when using multiple service discoveries. #8828 - Added hardening to systemd service(s) (bsc#1181400). Modified: grafana: - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) + Security: * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702) * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703) * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713) - Update to Go 1.17. - Update license to GNU Affero General Public License v3.0. - Update to version 8.3.4 * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673) + Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. + Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error being thrown when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of $__rate_interval variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. + Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. - Update to version 8.3.3: * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped - Update to version 8.3.2 + Security: Fixes CVE-2021-43813 and CVE-2021-43815. - Update to version 8.3.1 + Security: Fixes CVE-2021-43798. - Update to version 8.3.0 * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. - Update to version 8.3.0-beta2 + Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for "If execution error or timeout" when upgrading to Grafana 8 alerting. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * Select: Select menus now properly scroll during keyboard navigation. - Update to version 8.3.0-beta1 * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * grafana/ui: Enable slider marks display. - Update to version 8.2.7 - Update to version 8.2.6 * Security: Upgrade Docker base image to Alpine 3.14.3. * Security: Upgrade Go to 1.17.2. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. - Update to version 8.2.5 * Fix No Data behaviour in Legacy Alerting. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. - Update to version 8.2.4 + Security: Fixes CVE-2021-41244. - Update to version 8.2.3 + Security: Fixes CVE-2021-41174. - Update to version 8.2.2 * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: We fixed the issue where the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: We fixed the problem that resulted in an error when a user created a query with a $__interval min step. * RowsToFields: We fixed the issue where the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. - Update to version 8.2.1 * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. - Update to version 8.2.0 * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Plugins: Create a mock icon component to prevent console errors. - Update to version 8.2.0-beta2 * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for $__interval and $__interval_ms in Flux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. - Update to version 8.2.0-beta1 * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * Chore: Update to Golang 1.16.7. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in "Add threshold". * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Grafana UI: Fix TS error property css is missing in type. - Update to version 8.1.8 - Update to version 8.1.7 * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. - Update to version 8.1.6 + Security: Fixes CVE-2021-39226. - Update to version 8.1.5 * BarChart: Fixes panel error that happens on second refresh. - Update to version 8.1.4 + Features and enhancements * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses "Repeat For". - Update to version 8.1.3 + Bug fixes * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe "results" to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix CVE-2021-3711. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Security: Fix stylesheet injection vulnerability. * Security: Fix short URL vulnerability. - Update to version 8.1.2 * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * Toolkit: Fix matchMedia not found error. - Update to version 8.1.1 * CloudWatch Logs: Fix crash when no region is selected. - Update to version 8.1.0 * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Security: Update dependencies to fix CVE-2021-36222. - Update to version 8.1.0-beta3 * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). - Update to version 8.1.0-beta2 * Alerting: Expand the value string in alert annotations and * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Config: Fix Docker builds by correcting formatting in sample.ini. * Explore: Fix encoding of internal URLs. - Update to version 8.1.0-beta1 * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any "evaluate for" value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for "label_values(log stream selector, label)" in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Toolkit: Improve error messages when tasks fail. - Update to version 8.0.7 - Update to version 8.0.6 * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to "Time" for time series queries. * Postgres: Fix the handling of a null return value in query * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. - Update to version 8.0.5 * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. - Update to version 8.0.4 * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. - Update to version 8.0.3 * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. - Update to version 8.0.2 * Datasource: Add support for max_conns_per_host in dataproxy settings. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. - Update to version 8.0.1 * Alerting/SSE: Fix "count_non_null" reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * Toolkit: Resolve external fonts when Grafana is served from a sub path. - Update to version 8.0.0 * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: GET /dashboards/db/:slug GET /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE /api/dashboards/db/:slug * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. - Update to version 8.0.0-beta3 * The default HTTP method for Prometheus data source is now POST. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda at Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Transformations: Prevent FilterByValue transform from crashing panel edit. - Update to version 8.0.0-beta2 * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes "error while loading library panels". * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard * Variables: Refreshes all panels even if panel is full screen. * QueryField: Remove carriage return character from pasted text. - Update to version 8.0.0-beta1 + License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. + Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Update to version 7.5.13 * Alerting: Fix NoDataFound for alert rules using AND operator. salt: - Update generated documentation to 3004 - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html spacecmd: - Version 4.3.7-1 * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) - Version 4.3.6-1 * Update translation strings spacewalk-client-tools: - Version 4.3.6-1 * Update translation strings Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2022-751=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-159000.6.24.1 grafana-8.3.5-159000.4.21.1 grafana-debuginfo-8.3.5-159000.4.21.1 python3-salt-3004-159000.8.50.1 salt-3004-159000.8.50.1 salt-api-3004-159000.8.50.1 salt-cloud-3004-159000.8.50.1 salt-doc-3004-159000.8.50.1 salt-master-3004-159000.8.50.1 salt-minion-3004-159000.8.50.1 salt-proxy-3004-159000.8.50.1 salt-ssh-3004-159000.8.50.1 salt-standalone-formulas-configuration-3004-159000.8.50.1 salt-syndic-3004-159000.8.50.1 salt-transactional-update-3004-159000.8.50.1 - SUSE Manager Tools 15-BETA (noarch): python3-spacewalk-check-4.3.6-159000.6.39.1 python3-spacewalk-client-setup-4.3.6-159000.6.39.1 python3-spacewalk-client-tools-4.3.6-159000.6.39.1 salt-bash-completion-3004-159000.8.50.1 salt-fish-completion-3004-159000.8.50.1 salt-zsh-completion-3004-159000.8.50.1 spacecmd-4.3.7-159000.6.33.1 spacewalk-check-4.3.6-159000.6.39.1 spacewalk-client-setup-4.3.6-159000.6.39.1 spacewalk-client-tools-4.3.6-159000.6.39.1 References: https://www.suse.com/security/cve/CVE-2021-36222.html https://www.suse.com/security/cve/CVE-2021-3711.html https://www.suse.com/security/cve/CVE-2021-39226.html https://www.suse.com/security/cve/CVE-2021-41174.html https://www.suse.com/security/cve/CVE-2021-41244.html https://www.suse.com/security/cve/CVE-2021-43798.html https://www.suse.com/security/cve/CVE-2021-43813.html https://www.suse.com/security/cve/CVE-2021-43815.html https://www.suse.com/security/cve/CVE-2022-21673.html https://www.suse.com/security/cve/CVE-2022-21702.html https://www.suse.com/security/cve/CVE-2022-21703.html https://www.suse.com/security/cve/CVE-2022-21713.html https://bugzilla.suse.com/1097531 https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1193357 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194873 https://bugzilla.suse.com/1195625 https://bugzilla.suse.com/1195726 https://bugzilla.suse.com/1195727 https://bugzilla.suse.com/1195728 From sle-updates at lists.suse.com Tue Mar 8 17:21:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 18:21:25 +0100 (CET) Subject: SUSE-FU-2022:0750-1: moderate: Feature update for SUSE Manager Client Tools Message-ID: <20220308172125.9AF98F386@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0750-1 Rating: moderate References: #1097531 #1181400 #1190462 #1190781 #1193357 #1193565 #1193671 #1194363 #1195906 SLE-22863 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 8 fixes is now available. Description: This feature update fixes the following issues: cobbler: - Move configuration files ownership to apache (bsc#1195906) - Make configuration files only readable by root (bsc#1193671, CVE-2021-45083) golang-github-prometheus-prometheus: - Upgrade to upstream version 2.32.1 (jsc#SLE-22863) + Bugfixes: * Scrape: Fix reporting metrics when sample limit is reached during the report. #9996 * Scrape: Ensure that scrape interval and scrape timeout are always set. #10023 * TSDB: Expose and fix bug in iterators' Seek() method. #10030 - Upgrade to upstream version 2.32.0 + Change: * remote-write: Change default max retry time from 100ms to 5 seconds. #9634 + Features: * Agent: New mode of operation optimized for remote-write only scenarios, without local storage. * Promtool: Add promtool check service-discovery command. #8970 + Enhancements: * Promtool: Improve test output. #8064 * Promtool: Use kahan summation for better numerical stability. * Remote-write: Reuse memory for marshalling. #9412 * Scrape: Add scrape_body_size_bytes scrape metric behind the --enable-feature=extra-scrape-metrics flag. #9569 * TSDB: Add windows arm64 support. #9703 * TSDB: Optimize query by skipping unneeded sorting in TSDB. * Templates: Support int and uint as datatypes for template formatting. #9680 * UI: Prefer rate over rad, delta over deg, and count over cos in autocomplete. #9688 * TSDB: Add more size checks when writing individual sections in the index. #9710 * PromQL: Make deriv() return zero values for constant series. * TSDB: Fix panic when checkpoint directory is empty. #9687 * TSDB: Fix panic, out of order chunks, and race warning during WAL replay. #9856 * UI: Correctly render links for targets with IPv6 addresses that contain a Zone ID. #9853 * Promtool: Fix checking of authorization.credentials_file and bearer_token_file fields. #9883 * Uyuni SD: Fix null pointer exception during initialization. * TSDB: Fix queries after a failed snapshot replay. #9980 - Upgrade to upstream version 2.31.1 + Bugfix: * SD: Fix a panic when the experimental discovery manager receives targets during a reload. #9656 - Upgrade to upstream version 2.31.0 * UI: Remove standard PromQL editor in favour of the codemirror-based editor. #9452 * PromQL: Add trigonometric functions and atan2 binary operator. #9239 #9248 #9515 * Remote: Add support for exemplar in the remote write receiver endpoint. #9319 #9414 * SD: Add PuppetDB service discovery. #8883 * SD: Add Uyuni service discovery. #8190 * Web: Add support for security-related HTTP headers. #9546 * Azure SD: Add proxy_url, follow_redirects, tls_config. #9267 * Backfill: Add --max-block-duration in promtool create-blocks-from rules. #9511 * Config: Print human-readable sizes with unit instead of raw numbers. #9361 * HTTP: Re-enable HTTP/2. #9398 * Kubernetes SD: Warn user if number of endpoints exceeds limit. #9467 * OAuth2: Add TLS configuration to token requests. #9550 * PromQL: Several optimizations. #9365 #9360 #9362 #9552 * PromQL: Make aggregations deterministic in instant queries. * Rules: Add the ability to limit number of alerts or series. * SD: Experimental discovery manager to avoid restarts upon reload. * UI: Debounce timerange setting changes. #9359 * Backfill: Apply rule labels after query labels. #9421 * Scrape: Resolve conflicts between multiple exported label prefixes. #9479 #9518 * Scrape: Restart scrape loops when __scrape_interval__ is changed. #9551 * TSDB: Fix memory leak in samples deletion. #9151 * UI: Use consistent margin-bottom for all alert kinds. #9318 - Upgrade to upstream version 2.30.3 * TSDB: Fix panic on failed snapshot replay. #9438 * TSDB: Don't fail snapshot replay with exemplar storage disabled when the snapshot contains exemplars. #9438 - Upgrade to upstream version 2.30.2 * TSDB: Don't error on overlapping m-mapped chunks during WAL replay. #9381 - Upgrade to upstream version 2.30.1 * Remote Write: Redact remote write URL when used for metric label. #9383 * UI: Redact remote write URL and proxy URL passwords in the /config page. #9408 * promtool rules backfill: Prevent creation of data before the start time. #9339 * promtool rules backfill: Do not query after the end time. * Azure SD: Fix panic when no computername is set. #9387 - Upgrade to upstream version 2.30.0 * experimental TSDB: Snapshot in-memory chunks on shutdown for faster restarts. #7229 * experimental Scrape: Configure scrape interval and scrape timeout via relabeling using __scrape_interval__ and __scrape_timeout__ labels respectively. #8911 * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric. #9247 #9295 * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape timestamp tolerance when enabled via --scrape.adjust-timestamps. #9283 * Remote Write: Improve throughput when sending exemplars. * TSDB: Optimise WAL loading by removing extra map and caching min-time #9160 * promtool: Speed up checking for duplicate rules. #9262/#9306 * Scrape: Reduce allocations when parsing the metrics. #9299 * docker_sd: Support host network mode #9125 * Exemplars: Fix panic when resizing exemplar storage from 0 to a non-zero size. #9286 * TSDB: Correctly decrement prometheus_tsdb_head_active_appenders when the append has no samples. #9230 * promtool rules backfill: Return 1 if backfill was unsuccessful. #9303 * promtool rules backfill: Avoid creation of overlapping blocks. #9324 * config: Fix a panic when reloading configuration with a null relabel action. #9224 - Upgrade to upstream version 2.29.2 * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22. #9205 * Fix data race in loading write-ahead-log (WAL). #9259 - Upgrade to upstream version 2.29.1 * TSDB: align atomically accessed int64 to prevent panic in 32-bit archs. #9192 - Upgrade to upstream version 2.29.0 + Changes: * Promote --storage.tsdb.allow-overlapping-blocks flag to stable. #9117 * Promote --storage.tsdb.retention.size flag to stable. #9004 * Add Kuma service discovery. #8844 * Add present_over_time PromQL function. #9097 * Allow configuring exemplar storage via file and make it reloadable. #8974 * UI: Allow selecting time range with mouse drag. #8977 * promtool: Add feature flags flag --enable-feature. #8958 * promtool: Add file_sd file validation. #8950 * Reduce blocking of outgoing remote write requests from series garbage collection. #9109 * Improve write-ahead-log decoding performance. #9106 * Improve append performance in TSDB by reducing mutexes usage. * Allow configuring max_samples_per_send for remote write metadata. #8959 * Add __meta_gce_interface_ipv4_ meta label to GCE discovery. #8978 * Add __meta_ec2_availability_zone_id meta label to EC2 discovery. #8896 * Add __meta_azure_machine_computer_name meta label to Azure discovery. #9112 * Add __meta_hetzner_hcloud_labelpresent_ meta label to Hetzner discovery. #9028 * promtool: Add compaction efficiency to promtool tsdb analyze reports. #8940 * promtool: Allow configuring max block duration for backfilling via --max-block-duration flag. #8919 * UI: Add sorting and filtering to flags page. #8988 * UI: Improve alerts page rendering performance. #9005 * Log when total symbol size exceeds 2^32 bytes, causing compaction to fail, and skip compaction. #9104 * Fix incorrect target_limit reloading of zero value. #9120 * Fix head GC and pending readers race condition. #9081 * Fix timestamp handling in OpenMetrics parser. #9008 * Fix potential duplicate metrics in /federate endpoint when specifying multiple matchers. #8885 * Fix server configuration and validation for authentication via client cert. #9123 * Allow start and end again as label names in PromQL queries. They were disallowed since the introduction of @ timestamp feature. #9119 - Upgrade to upstream version 2.28.1 * HTTP SD: Allow charset specification in Content-Type header. * HTTP SD: Fix handling of disappeared target groups. #9019 * Fix incorrect log-level handling after moving to go-kit/log. - Upgrade to upstream version 2.28.0 * UI: Make the new experimental PromQL editor the default. * Linode SD: Add Linode service discovery. #8846 * HTTP SD: Add generic HTTP-based service discovery. #8839 * Kubernetes SD: Allow configuring API Server access via a kubeconfig file. #8811 * UI: Add exemplar display support to the graphing interface. * Consul SD: Add namespace support for Consul Enterprise. #8900 * Promtool: Allow silencing output when importing / backfilling data. #8917 * Consul SD: Support reading tokens from file. #8926 * Rules: Add a new .ExternalURL alert field templating variable, containing the external URL of the Prometheus server. #8878 * Scrape: Add experimental body_size_limit scrape configuration setting to limit the allowed response body size for target scrapes. #8833 #8886 * Kubernetes SD: Add ingress class name label for ingress discovery. #8916 * UI: Show a startup screen with progress bar when the TSDB is not ready yet. #8662 #8908 #8909 #8946 * SD: Add a target creation failure counter prometheus_target_sync_failed_total and improve target creation failure handling. #8786 * TSDB: Improve validation of exemplar label set length. #8816 * TSDB: Add a prometheus_tsdb_clean_start metric that indicates whether a TSDB lockfile from a previous run still existed upon startup. #8824 * UI: In the experimental PromQL editor, fix autocompletion and parsing for special float values and improve series metadata fetching. #8856 * TSDB: When merging chunks, split resulting chunks if they would contain more than the maximum of 120 samples. #8582 * SD: Fix the computation of the prometheus_sd_discovered_targets metric when using multiple service discoveries. #8828 - Added hardening to systemd service(s) (bsc#1181400). Modified: mgr-cfg: - Version 4.3.4-1 * Fix installation problem for SLE15SP4 due missing python-selinux salt: - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Fix possible traceback on ip6_interface grain (bsc#1193565) - Don't check for cached pillar errors on state.apply (bsc#1190781) - Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. spacecmd: - Version 4.3.7-1 * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) - Version 4.3.6-1 * Update translation strings spacewalk-client-tools: - Version 4.3.6-1 * Update translation strings Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-750=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-4.24.1 python2-salt-3000-53.5.1 python3-salt-3000-53.5.1 salt-3000-53.5.1 salt-doc-3000-53.5.1 salt-minion-3000-53.5.1 - SUSE Manager Tools 12-BETA (noarch): koan-2.6.6-52.12.1 mgr-cfg-4.3.4-4.21.1 mgr-cfg-actions-4.3.4-4.21.1 mgr-cfg-client-4.3.4-4.21.1 mgr-cfg-management-4.3.4-4.21.1 python2-mgr-cfg-4.3.4-4.21.1 python2-mgr-cfg-actions-4.3.4-4.21.1 python2-mgr-cfg-client-4.3.4-4.21.1 python2-mgr-cfg-management-4.3.4-4.21.1 python2-spacewalk-check-4.3.6-55.39.1 python2-spacewalk-client-setup-4.3.6-55.39.1 python2-spacewalk-client-tools-4.3.6-55.39.1 spacecmd-4.3.7-41.33.1 spacewalk-check-4.3.6-55.39.1 spacewalk-client-setup-4.3.6-55.39.1 spacewalk-client-tools-4.3.6-55.39.1 References: https://www.suse.com/security/cve/CVE-2021-45083.html https://bugzilla.suse.com/1097531 https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1190781 https://bugzilla.suse.com/1193357 https://bugzilla.suse.com/1193565 https://bugzilla.suse.com/1193671 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1195906 From sle-updates at lists.suse.com Tue Mar 8 17:22:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 18:22:47 +0100 (CET) Subject: SUSE-OU-2022:0752-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220308172247.1830BF386@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:0752-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 optional fixes can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: babl Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-752=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-752=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): babl-debugsource-0.1.72-3.2.1 babl-devel-0.1.72-3.2.1 libbabl-0_1-0-0.1.72-3.2.1 libbabl-0_1-0-debuginfo-0.1.72-3.2.1 typelib-1_0-Babl-0_1-0.1.72-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): babl-debugsource-0.1.72-3.2.1 babl-devel-0.1.72-3.2.1 libbabl-0_1-0-0.1.72-3.2.1 libbabl-0_1-0-debuginfo-0.1.72-3.2.1 typelib-1_0-Babl-0_1-0.1.72-3.2.1 References: From sle-updates at lists.suse.com Tue Mar 8 17:23:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Mar 2022 18:23:16 +0100 (CET) Subject: SUSE-SU-2022:0754-1: important: Security update for libcaca Message-ID: <20220308172316.D79B5F386@maintenance.suse.de> SUSE Security Update: Security update for libcaca ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0754-1 Rating: important References: #1182731 #1184751 #1184752 Cross-References: CVE-2021-30498 CVE-2021-30499 CVE-2021-3410 CVSS scores: CVE-2021-30498 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30498 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30499 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30499 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3410 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3410 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libcaca fixes the following issues: - CVE-2021-30499: Fixed a memory corruption issue when exporting troff sources (bsc#1184751). - CVE-2021-30498: Fixed a memory corruption issue when exporting TGA images (bsc#1184752). - CVE-2021-3410: Fixed an illegal WRITE memory access (bsc#1182731). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-754=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-754=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-754=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-754=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-754=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-754=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-754=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-754=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-754=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-754=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 - SUSE CaaS Platform 4.0 (x86_64): libcaca-debugsource-0.99.beta19.git20171003-3.8.1 libcaca-devel-0.99.beta19.git20171003-3.8.1 libcaca0-0.99.beta19.git20171003-3.8.1 libcaca0-debuginfo-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-0.99.beta19.git20171003-3.8.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-3.8.1 References: https://www.suse.com/security/cve/CVE-2021-30498.html https://www.suse.com/security/cve/CVE-2021-30499.html https://www.suse.com/security/cve/CVE-2021-3410.html https://bugzilla.suse.com/1182731 https://bugzilla.suse.com/1184751 https://bugzilla.suse.com/1184752 From sle-updates at lists.suse.com Tue Mar 8 23:22:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:22:45 +0100 (CET) Subject: SUSE-SU-2022:0764-1: important: Security update for the Linux Kernel Message-ID: <20220308232245.D1C00F386@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0764-1 Rating: important References: #1191580 #1192483 #1195701 #1195995 #1196584 Cross-References: CVE-2022-0001 CVE-2022-0002 CVSS scores: CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Realtime 15-SP2 SUSE Linux Enterprise Real Time 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). The following non-security bugs were fixed: - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-764=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-764=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): kernel-devel-rt-5.3.18-76.1 kernel-source-rt-5.3.18-76.1 - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): cluster-md-kmp-rt-5.3.18-76.1 cluster-md-kmp-rt-debuginfo-5.3.18-76.1 dlm-kmp-rt-5.3.18-76.1 dlm-kmp-rt-debuginfo-5.3.18-76.1 gfs2-kmp-rt-5.3.18-76.1 gfs2-kmp-rt-debuginfo-5.3.18-76.1 kernel-rt-5.3.18-76.1 kernel-rt-debuginfo-5.3.18-76.1 kernel-rt-debugsource-5.3.18-76.1 kernel-rt-devel-5.3.18-76.1 kernel-rt-devel-debuginfo-5.3.18-76.1 kernel-rt_debug-5.3.18-76.1 kernel-rt_debug-debuginfo-5.3.18-76.1 kernel-rt_debug-debugsource-5.3.18-76.1 kernel-rt_debug-devel-5.3.18-76.1 kernel-rt_debug-devel-debuginfo-5.3.18-76.1 kernel-syms-rt-5.3.18-76.1 ocfs2-kmp-rt-5.3.18-76.1 ocfs2-kmp-rt-debuginfo-5.3.18-76.1 - SUSE Linux Enterprise Micro 5.0 (x86_64): kernel-rt-5.3.18-76.1 kernel-rt-debuginfo-5.3.18-76.1 kernel-rt-debugsource-5.3.18-76.1 References: https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1192483 https://bugzilla.suse.com/1195701 https://bugzilla.suse.com/1195995 https://bugzilla.suse.com/1196584 From sle-updates at lists.suse.com Tue Mar 8 23:23:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:23:47 +0100 (CET) Subject: SUSE-SU-2022:0762-1: important: Security update for the Linux Kernel Message-ID: <20220308232347.6F746F386@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0762-1 Rating: important References: #1146312 #1185973 #1191580 #1193731 #1194463 #1195536 #1195543 #1195612 #1195908 #1195939 #1196079 #1196612 Cross-References: CVE-2016-10905 CVE-2021-0920 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0617 CVE-2022-24448 CVSS scores: CVE-2016-10905 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-10905 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 5 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731). - CVE-2016-10905: Fixed a use-after-free is gfs2_clear_rgrpd() and read_rindex_entry() (bsc#1146312). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-762=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-762=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-762=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-762=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-762=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-762=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-762=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-default-kgraft-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-default-kgraft-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-default-kgraft-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.156.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.156.1 cluster-md-kmp-default-debuginfo-4.4.180-94.156.1 dlm-kmp-default-4.4.180-94.156.1 dlm-kmp-default-debuginfo-4.4.180-94.156.1 gfs2-kmp-default-4.4.180-94.156.1 gfs2-kmp-default-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 ocfs2-kmp-default-4.4.180-94.156.1 ocfs2-kmp-default-debuginfo-4.4.180-94.156.1 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.156.1 kernel-default-base-4.4.180-94.156.1 kernel-default-base-debuginfo-4.4.180-94.156.1 kernel-default-debuginfo-4.4.180-94.156.1 kernel-default-debugsource-4.4.180-94.156.1 kernel-default-devel-4.4.180-94.156.1 kernel-default-kgraft-4.4.180-94.156.1 kernel-syms-4.4.180-94.156.1 kgraft-patch-4_4_180-94_156-default-1-4.3.1 kgraft-patch-4_4_180-94_156-default-debuginfo-1-4.3.1 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.156.1 kernel-macros-4.4.180-94.156.1 kernel-source-4.4.180-94.156.1 References: https://www.suse.com/security/cve/CVE-2016-10905.html https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-24448.html https://bugzilla.suse.com/1146312 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1194463 https://bugzilla.suse.com/1195536 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195939 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196612 From sle-updates at lists.suse.com Tue Mar 8 23:25:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:25:30 +0100 (CET) Subject: SUSE-SU-2022:0763-1: important: Security update for the Linux Kernel Message-ID: <20220308232530.F186AF386@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0763-1 Rating: important References: #1089644 #1154353 #1157038 #1157923 #1176447 #1176940 #1178134 #1181147 #1181588 #1183872 #1187716 #1188404 #1189126 #1190812 #1190972 #1191580 #1191655 #1191741 #1192210 #1192483 #1193096 #1193233 #1193243 #1193787 #1194163 #1194967 #1195012 #1195081 #1195286 #1195352 #1195378 #1195506 #1195668 #1195701 #1195798 #1195799 #1195823 #1195928 #1195957 #1195995 #1196195 #1196235 #1196339 #1196400 #1196516 #1196584 SLE-20807 SLE-22135 SLE-22494 Cross-References: CVE-2022-0001 CVE-2022-0002 CVE-2022-25375 CVSS scores: CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities, contains three features and has 43 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m CONFIG_NVME_TARGET_TCP=m - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-763=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-763=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.79.1 kernel-source-rt-5.3.18-150300.79.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.79.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.79.1 dlm-kmp-rt-5.3.18-150300.79.1 dlm-kmp-rt-debuginfo-5.3.18-150300.79.1 gfs2-kmp-rt-5.3.18-150300.79.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.79.1 kernel-rt-5.3.18-150300.79.1 kernel-rt-debuginfo-5.3.18-150300.79.1 kernel-rt-debugsource-5.3.18-150300.79.1 kernel-rt-devel-5.3.18-150300.79.1 kernel-rt-devel-debuginfo-5.3.18-150300.79.1 kernel-rt_debug-debuginfo-5.3.18-150300.79.1 kernel-rt_debug-debugsource-5.3.18-150300.79.1 kernel-rt_debug-devel-5.3.18-150300.79.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.79.1 kernel-syms-rt-5.3.18-150300.79.1 ocfs2-kmp-rt-5.3.18-150300.79.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.79.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.79.1 kernel-rt-debuginfo-5.3.18-150300.79.1 kernel-rt-debugsource-5.3.18-150300.79.1 References: https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-25375.html https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1157038 https://bugzilla.suse.com/1157923 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176940 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1181147 https://bugzilla.suse.com/1181588 https://bugzilla.suse.com/1183872 https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1188404 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1190812 https://bugzilla.suse.com/1190972 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1191655 https://bugzilla.suse.com/1191741 https://bugzilla.suse.com/1192210 https://bugzilla.suse.com/1192483 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193233 https://bugzilla.suse.com/1193243 https://bugzilla.suse.com/1193787 https://bugzilla.suse.com/1194163 https://bugzilla.suse.com/1194967 https://bugzilla.suse.com/1195012 https://bugzilla.suse.com/1195081 https://bugzilla.suse.com/1195286 https://bugzilla.suse.com/1195352 https://bugzilla.suse.com/1195378 https://bugzilla.suse.com/1195506 https://bugzilla.suse.com/1195668 https://bugzilla.suse.com/1195701 https://bugzilla.suse.com/1195798 https://bugzilla.suse.com/1195799 https://bugzilla.suse.com/1195823 https://bugzilla.suse.com/1195928 https://bugzilla.suse.com/1195957 https://bugzilla.suse.com/1195995 https://bugzilla.suse.com/1196195 https://bugzilla.suse.com/1196235 https://bugzilla.suse.com/1196339 https://bugzilla.suse.com/1196400 https://bugzilla.suse.com/1196516 https://bugzilla.suse.com/1196584 From sle-updates at lists.suse.com Tue Mar 8 23:30:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:30:14 +0100 (CET) Subject: SUSE-SU-2022:0759-1: important: Security update for the Linux Kernel Message-ID: <20220308233014.3A3B6F386@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0759-1 Rating: important References: #1189126 #1191580 #1192483 #1194516 #1195254 #1195286 #1195516 #1195543 #1195612 #1195701 #1195897 #1195905 #1195908 #1195947 #1195949 #1195987 #1195995 #1196079 #1196095 #1196132 #1196155 #1196235 #1196584 #1196601 #1196612 #1196776 SLE-23652 Cross-References: CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0516 CVE-2022-0617 CVE-2022-0644 CVE-2022-0847 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25375 CVSS scores: CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0847 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24958 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24958 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-25258 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25258 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 14 vulnerabilities, contains one feature and has 12 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). The following non-security bugs were fixed: - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - gve: Add RX context (jsc#SLE-23652). - gve: Add a jumbo-frame device option (jsc#SLE-23652). - gve: Add consumed counts to ethtool stats (jsc#SLE-23652). - gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652). - gve: Correct order of processing device options (jsc#SLE-23652). - gve: Fix GFP flags when allocing pages (jsc#SLE-23652). - gve: Implement packet continuation for RX (jsc#SLE-23652). - gve: Implement suspend/resume/shutdown (jsc#SLE-23652). - gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652). - gve: Recording rx queue before sending to napi (jsc#SLE-23652). - gve: Update gve_free_queue_page_list signature (jsc#SLE-23652). - gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652). - gve: fix for null pointer dereference (jsc#SLE-23652). - gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652). - gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652). - gve: remove memory barrier around seqno (jsc#SLE-23652). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - net: tipc: validate domain record count on input (bsc#1195254). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-759=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-759=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-759=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-759=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-759=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-759=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-759=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-759=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-759=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-759=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-759=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-759=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-759=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 reiserfs-kmp-default-5.3.18-24.107.1 reiserfs-kmp-default-debuginfo-5.3.18-24.107.1 - SUSE Manager Server 4.1 (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 - SUSE Manager Server 4.1 (x86_64): kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 reiserfs-kmp-default-5.3.18-24.107.1 reiserfs-kmp-default-debuginfo-5.3.18-24.107.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 - SUSE Manager Proxy 4.1 (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 - SUSE Manager Proxy 4.1 (x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 reiserfs-kmp-default-5.3.18-24.107.1 reiserfs-kmp-default-debuginfo-5.3.18-24.107.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 reiserfs-kmp-default-5.3.18-24.107.1 reiserfs-kmp-default-debuginfo-5.3.18-24.107.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 reiserfs-kmp-default-5.3.18-24.107.1 reiserfs-kmp-default-debuginfo-5.3.18-24.107.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-livepatch-5.3.18-24.107.1 kernel-default-livepatch-devel-5.3.18-24.107.1 kernel-livepatch-5_3_18-24_107-default-1-5.5.1 kernel-livepatch-5_3_18-24_107-default-debuginfo-1-5.5.1 kernel-livepatch-SLE15-SP2_Update_25-debugsource-1-5.5.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.107.1 cluster-md-kmp-default-debuginfo-5.3.18-24.107.1 dlm-kmp-default-5.3.18-24.107.1 dlm-kmp-default-debuginfo-5.3.18-24.107.1 gfs2-kmp-default-5.3.18-24.107.1 gfs2-kmp-default-debuginfo-5.3.18-24.107.1 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 ocfs2-kmp-default-5.3.18-24.107.1 ocfs2-kmp-default-debuginfo-5.3.18-24.107.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-24.107.1 kernel-default-base-5.3.18-24.107.1.9.50.2 kernel-default-debuginfo-5.3.18-24.107.1 kernel-default-debugsource-5.3.18-24.107.1 kernel-default-devel-5.3.18-24.107.1 kernel-default-devel-debuginfo-5.3.18-24.107.1 kernel-obs-build-5.3.18-24.107.1 kernel-obs-build-debugsource-5.3.18-24.107.1 kernel-preempt-5.3.18-24.107.1 kernel-preempt-debuginfo-5.3.18-24.107.1 kernel-preempt-debugsource-5.3.18-24.107.1 kernel-preempt-devel-5.3.18-24.107.1 kernel-preempt-devel-debuginfo-5.3.18-24.107.1 kernel-syms-5.3.18-24.107.1 reiserfs-kmp-default-5.3.18-24.107.1 reiserfs-kmp-default-debuginfo-5.3.18-24.107.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-24.107.1 kernel-docs-5.3.18-24.107.1 kernel-macros-5.3.18-24.107.1 kernel-source-5.3.18-24.107.1 References: https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0487.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0516.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-0644.html https://www.suse.com/security/cve/CVE-2022-0847.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-24958.html https://www.suse.com/security/cve/CVE-2022-24959.html https://www.suse.com/security/cve/CVE-2022-25258.html https://www.suse.com/security/cve/CVE-2022-25375.html https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1192483 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195286 https://bugzilla.suse.com/1195516 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195701 https://bugzilla.suse.com/1195897 https://bugzilla.suse.com/1195905 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195947 https://bugzilla.suse.com/1195949 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1195995 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196095 https://bugzilla.suse.com/1196132 https://bugzilla.suse.com/1196155 https://bugzilla.suse.com/1196235 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196601 https://bugzilla.suse.com/1196612 https://bugzilla.suse.com/1196776 From sle-updates at lists.suse.com Tue Mar 8 23:33:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:33:31 +0100 (CET) Subject: SUSE-SU-2022:0755-1: important: Security update for the Linux Kernel Message-ID: <20220308233331.977D1F386@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0755-1 Rating: important References: #1089644 #1154353 #1156395 #1157038 #1157923 #1176447 #1176940 #1178134 #1181147 #1181588 #1183872 #1187716 #1188404 #1189126 #1190812 #1190972 #1191580 #1191655 #1191741 #1192210 #1192483 #1193096 #1193233 #1193243 #1193787 #1194163 #1194967 #1195012 #1195081 #1195142 #1195352 #1195378 #1195476 #1195477 #1195478 #1195479 #1195480 #1195481 #1195482 #1195506 #1195516 #1195543 #1195668 #1195701 #1195798 #1195799 #1195823 #1195908 #1195928 #1195947 #1195957 #1195995 #1196195 #1196235 #1196339 #1196400 #1196403 #1196516 #1196584 #1196601 #1196612 #1196776 SLE-20807 SLE-22135 SLE-22494 Cross-References: CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-25375 CVSS scores: CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0847 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains three features and has 56 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Bluetooth: refactor malicious adv data check (git-fixes). - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-multipath: fix ANA state updates when a namespace is not present (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tty: Add support for Brainboxes UC cards (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-755=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.47.1 kernel-source-azure-5.3.18-150300.38.47.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.47.1 kernel-azure-debuginfo-5.3.18-150300.38.47.1 kernel-azure-debugsource-5.3.18-150300.38.47.1 kernel-azure-devel-5.3.18-150300.38.47.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.47.1 kernel-syms-azure-5.3.18-150300.38.47.1 References: https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0516.html https://www.suse.com/security/cve/CVE-2022-0847.html https://www.suse.com/security/cve/CVE-2022-25375.html https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1157038 https://bugzilla.suse.com/1157923 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176940 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1181147 https://bugzilla.suse.com/1181588 https://bugzilla.suse.com/1183872 https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1188404 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1190812 https://bugzilla.suse.com/1190972 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1191655 https://bugzilla.suse.com/1191741 https://bugzilla.suse.com/1192210 https://bugzilla.suse.com/1192483 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193233 https://bugzilla.suse.com/1193243 https://bugzilla.suse.com/1193787 https://bugzilla.suse.com/1194163 https://bugzilla.suse.com/1194967 https://bugzilla.suse.com/1195012 https://bugzilla.suse.com/1195081 https://bugzilla.suse.com/1195142 https://bugzilla.suse.com/1195352 https://bugzilla.suse.com/1195378 https://bugzilla.suse.com/1195476 https://bugzilla.suse.com/1195477 https://bugzilla.suse.com/1195478 https://bugzilla.suse.com/1195479 https://bugzilla.suse.com/1195480 https://bugzilla.suse.com/1195481 https://bugzilla.suse.com/1195482 https://bugzilla.suse.com/1195506 https://bugzilla.suse.com/1195516 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195668 https://bugzilla.suse.com/1195701 https://bugzilla.suse.com/1195798 https://bugzilla.suse.com/1195799 https://bugzilla.suse.com/1195823 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195928 https://bugzilla.suse.com/1195947 https://bugzilla.suse.com/1195957 https://bugzilla.suse.com/1195995 https://bugzilla.suse.com/1196195 https://bugzilla.suse.com/1196235 https://bugzilla.suse.com/1196339 https://bugzilla.suse.com/1196400 https://bugzilla.suse.com/1196403 https://bugzilla.suse.com/1196516 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196601 https://bugzilla.suse.com/1196612 https://bugzilla.suse.com/1196776 From sle-updates at lists.suse.com Tue Mar 8 23:39:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:39:28 +0100 (CET) Subject: SUSE-SU-2022:0766-1: important: Security update for the Linux Kernel Message-ID: <20220308233928.E14D4F387@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0766-1 Rating: important References: #1107207 #1185973 #1191580 #1194516 #1195536 #1195543 #1195612 #1195840 #1195897 #1195908 #1195949 #1195987 #1196079 #1196155 #1196584 #1196612 Cross-References: CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24448 CVE-2022-24959 CVSS scores: CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 7 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-766=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-766=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-766=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-766=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-766=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-766=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150.86.1 kernel-default-base-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-devel-4.12.14-150.86.1 kernel-default-devel-debuginfo-4.12.14-150.86.1 kernel-obs-build-4.12.14-150.86.1 kernel-obs-build-debugsource-4.12.14-150.86.1 kernel-syms-4.12.14-150.86.1 kernel-vanilla-base-4.12.14-150.86.1 kernel-vanilla-base-debuginfo-4.12.14-150.86.1 kernel-vanilla-debuginfo-4.12.14-150.86.1 kernel-vanilla-debugsource-4.12.14-150.86.1 reiserfs-kmp-default-4.12.14-150.86.1 reiserfs-kmp-default-debuginfo-4.12.14-150.86.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150.86.1 kernel-docs-4.12.14-150.86.1 kernel-macros-4.12.14-150.86.1 kernel-source-4.12.14-150.86.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150.86.1 kernel-default-base-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-devel-4.12.14-150.86.1 kernel-default-devel-debuginfo-4.12.14-150.86.1 kernel-obs-build-4.12.14-150.86.1 kernel-obs-build-debugsource-4.12.14-150.86.1 kernel-syms-4.12.14-150.86.1 kernel-vanilla-base-4.12.14-150.86.1 kernel-vanilla-base-debuginfo-4.12.14-150.86.1 kernel-vanilla-debuginfo-4.12.14-150.86.1 kernel-vanilla-debugsource-4.12.14-150.86.1 reiserfs-kmp-default-4.12.14-150.86.1 reiserfs-kmp-default-debuginfo-4.12.14-150.86.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150.86.1 kernel-docs-4.12.14-150.86.1 kernel-macros-4.12.14-150.86.1 kernel-source-4.12.14-150.86.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150.86.1 kernel-zfcpdump-debuginfo-4.12.14-150.86.1 kernel-zfcpdump-debugsource-4.12.14-150.86.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-livepatch-4.12.14-150.86.1 kernel-livepatch-4_12_14-150_86-default-1-1.3.1 kernel-livepatch-4_12_14-150_86-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150.86.1 kernel-default-base-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-devel-4.12.14-150.86.1 kernel-default-devel-debuginfo-4.12.14-150.86.1 kernel-obs-build-4.12.14-150.86.1 kernel-obs-build-debugsource-4.12.14-150.86.1 kernel-syms-4.12.14-150.86.1 kernel-vanilla-base-4.12.14-150.86.1 kernel-vanilla-base-debuginfo-4.12.14-150.86.1 kernel-vanilla-debuginfo-4.12.14-150.86.1 kernel-vanilla-debugsource-4.12.14-150.86.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150.86.1 kernel-docs-4.12.14-150.86.1 kernel-macros-4.12.14-150.86.1 kernel-source-4.12.14-150.86.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150.86.1 kernel-default-base-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 kernel-default-devel-4.12.14-150.86.1 kernel-default-devel-debuginfo-4.12.14-150.86.1 kernel-obs-build-4.12.14-150.86.1 kernel-obs-build-debugsource-4.12.14-150.86.1 kernel-syms-4.12.14-150.86.1 kernel-vanilla-base-4.12.14-150.86.1 kernel-vanilla-base-debuginfo-4.12.14-150.86.1 kernel-vanilla-debuginfo-4.12.14-150.86.1 kernel-vanilla-debugsource-4.12.14-150.86.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150.86.1 kernel-docs-4.12.14-150.86.1 kernel-macros-4.12.14-150.86.1 kernel-source-4.12.14-150.86.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.86.1 cluster-md-kmp-default-debuginfo-4.12.14-150.86.1 dlm-kmp-default-4.12.14-150.86.1 dlm-kmp-default-debuginfo-4.12.14-150.86.1 gfs2-kmp-default-4.12.14-150.86.1 gfs2-kmp-default-debuginfo-4.12.14-150.86.1 kernel-default-debuginfo-4.12.14-150.86.1 kernel-default-debugsource-4.12.14-150.86.1 ocfs2-kmp-default-4.12.14-150.86.1 ocfs2-kmp-default-debuginfo-4.12.14-150.86.1 References: https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0487.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-0644.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-24959.html https://bugzilla.suse.com/1107207 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1195536 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195840 https://bugzilla.suse.com/1195897 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195949 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196155 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196612 From sle-updates at lists.suse.com Tue Mar 8 23:47:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:47:43 +0100 (CET) Subject: SUSE-SU-2022:0768-1: important: Security update for the Linux Kernel Message-ID: <20220308234743.CE31DF386@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0768-1 Rating: important References: #1185973 #1191580 #1194516 #1195536 #1195543 #1195612 #1195840 #1195897 #1195908 #1195949 #1195987 #1196079 #1196155 #1196584 #1196612 Cross-References: CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24448 CVE-2022-24959 CVSS scores: CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 6 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-768=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-768=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-768=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-768=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-768=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-768=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-768=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-768=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-197.108.1 kernel-zfcpdump-debuginfo-4.12.14-197.108.1 kernel-zfcpdump-debugsource-4.12.14-197.108.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-livepatch-4.12.14-197.108.1 kernel-default-livepatch-devel-4.12.14-197.108.1 kernel-livepatch-4_12_14-197_108-default-1-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.108.1 cluster-md-kmp-default-debuginfo-4.12.14-197.108.1 dlm-kmp-default-4.12.14-197.108.1 dlm-kmp-default-debuginfo-4.12.14-197.108.1 gfs2-kmp-default-4.12.14-197.108.1 gfs2-kmp-default-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 ocfs2-kmp-default-4.12.14-197.108.1 ocfs2-kmp-default-debuginfo-4.12.14-197.108.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-197.108.1 kernel-default-base-4.12.14-197.108.1 kernel-default-base-debuginfo-4.12.14-197.108.1 kernel-default-debuginfo-4.12.14-197.108.1 kernel-default-debugsource-4.12.14-197.108.1 kernel-default-devel-4.12.14-197.108.1 kernel-default-devel-debuginfo-4.12.14-197.108.1 kernel-obs-build-4.12.14-197.108.1 kernel-obs-build-debugsource-4.12.14-197.108.1 kernel-syms-4.12.14-197.108.1 reiserfs-kmp-default-4.12.14-197.108.1 reiserfs-kmp-default-debuginfo-4.12.14-197.108.1 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-197.108.1 kernel-docs-4.12.14-197.108.1 kernel-macros-4.12.14-197.108.1 kernel-source-4.12.14-197.108.1 References: https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0487.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-0644.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-24959.html https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1195536 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195840 https://bugzilla.suse.com/1195897 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195949 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196155 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196612 From sle-updates at lists.suse.com Tue Mar 8 23:49:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:49:52 +0100 (CET) Subject: SUSE-SU-2022:14905-1: important: Security update for the Linux Kernel Message-ID: <20220308234952.616D7F387@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14905-1 Rating: important References: #1171420 #1179599 #1190025 #1191580 #1193157 #1193669 #1193867 #1194272 #1195109 #1195543 #1195908 #1196079 #1196612 Cross-References: CVE-2019-0136 CVE-2020-12770 CVE-2020-27820 CVE-2021-3753 CVE-2021-4155 CVE-2021-45095 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0617 CVSS scores: CVE-2019-0136 (NVD) : 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2019-0136 (SUSE): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-3753 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has three fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bsc#1193867). - CVE-2021-4155: Fixed a data leak flaw that allows a local attacker to leak data on the XFS filesystem (bsc#1194272). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device (bsc#1179599). - CVE-2019-0136: Fixed an insufficient access control which allow an unauthenticated user to execute a denial of service (bsc#1193157). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). The following non-security bugs were fixed: - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - md: check the return of mddev_find() (bsc#1195109). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kernel-14905=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-14905=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-14905=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kernel-default-3.0.101-108.135.1 kernel-default-base-3.0.101-108.135.1 kernel-default-devel-3.0.101-108.135.1 kernel-source-3.0.101-108.135.1 kernel-syms-3.0.101-108.135.1 kernel-trace-3.0.101-108.135.1 kernel-trace-base-3.0.101-108.135.1 kernel-trace-devel-3.0.101-108.135.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): kernel-ec2-3.0.101-108.135.1 kernel-ec2-base-3.0.101-108.135.1 kernel-ec2-devel-3.0.101-108.135.1 kernel-xen-3.0.101-108.135.1 kernel-xen-base-3.0.101-108.135.1 kernel-xen-devel-3.0.101-108.135.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): kernel-bigmem-3.0.101-108.135.1 kernel-bigmem-base-3.0.101-108.135.1 kernel-bigmem-devel-3.0.101-108.135.1 kernel-ppc64-3.0.101-108.135.1 kernel-ppc64-base-3.0.101-108.135.1 kernel-ppc64-devel-3.0.101-108.135.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): kernel-default-man-3.0.101-108.135.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): kernel-pae-3.0.101-108.135.1 kernel-pae-base-3.0.101-108.135.1 kernel-pae-devel-3.0.101-108.135.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.135.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.135.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.135.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.135.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.135.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.135.1 kernel-default-debugsource-3.0.101-108.135.1 kernel-trace-debuginfo-3.0.101-108.135.1 kernel-trace-debugsource-3.0.101-108.135.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.135.1 kernel-trace-devel-debuginfo-3.0.101-108.135.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.135.1 kernel-ec2-debugsource-3.0.101-108.135.1 kernel-xen-debuginfo-3.0.101-108.135.1 kernel-xen-debugsource-3.0.101-108.135.1 kernel-xen-devel-debuginfo-3.0.101-108.135.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.135.1 kernel-bigmem-debugsource-3.0.101-108.135.1 kernel-ppc64-debuginfo-3.0.101-108.135.1 kernel-ppc64-debugsource-3.0.101-108.135.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.135.1 kernel-pae-debugsource-3.0.101-108.135.1 kernel-pae-devel-debuginfo-3.0.101-108.135.1 References: https://www.suse.com/security/cve/CVE-2019-0136.html https://www.suse.com/security/cve/CVE-2020-12770.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-4155.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0617.html https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1193157 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194272 https://bugzilla.suse.com/1195109 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196612 From sle-updates at lists.suse.com Tue Mar 8 23:53:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:53:37 +0100 (CET) Subject: SUSE-SU-2022:0760-1: important: Security update for the Linux Kernel Message-ID: <20220308235337.66A22F387@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0760-1 Rating: important References: #1089644 #1154353 #1157038 #1157923 #1176447 #1176940 #1178134 #1181147 #1181588 #1183872 #1187716 #1188404 #1189126 #1190812 #1190972 #1191580 #1191655 #1191741 #1192210 #1192483 #1193096 #1193233 #1193243 #1193787 #1194163 #1194967 #1195012 #1195081 #1195286 #1195352 #1195378 #1195506 #1195516 #1195543 #1195668 #1195701 #1195798 #1195799 #1195823 #1195908 #1195928 #1195947 #1195957 #1195995 #1196195 #1196235 #1196339 #1196373 #1196400 #1196403 #1196516 #1196584 #1196585 #1196601 #1196612 #1196776 SLE-20807 SLE-22135 SLE-22494 Cross-References: CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-25375 CVSS scores: CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0847 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains three features and has 50 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert "ASoC: mediatek: Check for error clk pointer" (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-760=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-760=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-760=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-760=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-760=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-760=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-760=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.54.1 kernel-default-debugsource-5.3.18-150300.59.54.1 kernel-default-extra-5.3.18-150300.59.54.1 kernel-default-extra-debuginfo-5.3.18-150300.59.54.1 kernel-preempt-debuginfo-5.3.18-150300.59.54.1 kernel-preempt-debugsource-5.3.18-150300.59.54.1 kernel-preempt-extra-5.3.18-150300.59.54.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.54.1 kernel-default-debugsource-5.3.18-150300.59.54.1 kernel-default-livepatch-5.3.18-150300.59.54.1 kernel-default-livepatch-devel-5.3.18-150300.59.54.1 kernel-livepatch-5_3_18-150300_59_54-default-1-150300.7.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.54.1 kernel-default-debugsource-5.3.18-150300.59.54.1 reiserfs-kmp-default-5.3.18-150300.59.54.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.54.1 kernel-obs-build-debugsource-5.3.18-150300.59.54.1 kernel-syms-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.54.1 kernel-preempt-debugsource-5.3.18-150300.59.54.1 kernel-preempt-devel-5.3.18-150300.59.54.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.54.1 kernel-source-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.54.1 kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3 kernel-default-debuginfo-5.3.18-150300.59.54.1 kernel-default-debugsource-5.3.18-150300.59.54.1 kernel-default-devel-5.3.18-150300.59.54.1 kernel-default-devel-debuginfo-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.54.1 kernel-preempt-debuginfo-5.3.18-150300.59.54.1 kernel-preempt-debugsource-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.54.1 kernel-64kb-debuginfo-5.3.18-150300.59.54.1 kernel-64kb-debugsource-5.3.18-150300.59.54.1 kernel-64kb-devel-5.3.18-150300.59.54.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.54.1 kernel-macros-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.54.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.54.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.54.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.54.1 kernel-default-base-5.3.18-150300.59.54.1.150300.18.35.3 kernel-default-debuginfo-5.3.18-150300.59.54.1 kernel-default-debugsource-5.3.18-150300.59.54.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.54.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.54.1 dlm-kmp-default-5.3.18-150300.59.54.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.54.1 gfs2-kmp-default-5.3.18-150300.59.54.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.54.1 kernel-default-debuginfo-5.3.18-150300.59.54.1 kernel-default-debugsource-5.3.18-150300.59.54.1 ocfs2-kmp-default-5.3.18-150300.59.54.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.54.1 References: https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0516.html https://www.suse.com/security/cve/CVE-2022-0847.html https://www.suse.com/security/cve/CVE-2022-25375.html https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1157038 https://bugzilla.suse.com/1157923 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176940 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1181147 https://bugzilla.suse.com/1181588 https://bugzilla.suse.com/1183872 https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1188404 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1190812 https://bugzilla.suse.com/1190972 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1191655 https://bugzilla.suse.com/1191741 https://bugzilla.suse.com/1192210 https://bugzilla.suse.com/1192483 https://bugzilla.suse.com/1193096 https://bugzilla.suse.com/1193233 https://bugzilla.suse.com/1193243 https://bugzilla.suse.com/1193787 https://bugzilla.suse.com/1194163 https://bugzilla.suse.com/1194967 https://bugzilla.suse.com/1195012 https://bugzilla.suse.com/1195081 https://bugzilla.suse.com/1195286 https://bugzilla.suse.com/1195352 https://bugzilla.suse.com/1195378 https://bugzilla.suse.com/1195506 https://bugzilla.suse.com/1195516 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195668 https://bugzilla.suse.com/1195701 https://bugzilla.suse.com/1195798 https://bugzilla.suse.com/1195799 https://bugzilla.suse.com/1195823 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195928 https://bugzilla.suse.com/1195947 https://bugzilla.suse.com/1195957 https://bugzilla.suse.com/1195995 https://bugzilla.suse.com/1196195 https://bugzilla.suse.com/1196235 https://bugzilla.suse.com/1196339 https://bugzilla.suse.com/1196373 https://bugzilla.suse.com/1196400 https://bugzilla.suse.com/1196403 https://bugzilla.suse.com/1196516 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196585 https://bugzilla.suse.com/1196601 https://bugzilla.suse.com/1196612 https://bugzilla.suse.com/1196776 From sle-updates at lists.suse.com Tue Mar 8 23:59:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 00:59:17 +0100 (CET) Subject: SUSE-SU-2022:0761-1: important: Security update for the Linux Kernel Message-ID: <20220308235917.CAC85F387@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0761-1 Rating: important References: #1046306 #1050244 #1089644 #1094978 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1101674 #1101816 #1103991 #1109837 #1111981 #1112374 #1114648 #1114685 #1114893 #1117495 #1118661 #1119113 #1136460 #1136461 #1157038 #1157923 #1158533 #1174852 #1185973 #1187716 #1189126 #1191271 #1191580 #1191655 #1193857 #1195080 #1195377 #1195536 #1195543 #1195638 #1195795 #1195823 #1195840 #1195897 #1195908 #1195934 #1195987 #1195995 #1196079 #1196155 #1196400 #1196516 #1196584 #1196612 SLE-20809 Cross-References: CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24959 CVSS scores: CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 7 vulnerabilities, contains one feature and has 47 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). The following non-security bugs were fixed: - Bluetooth: bfusb: fix division by zero in send path (git-fixes). - EDAC/xgene: Fix deferred probing (bsc#1114648). - IB/rdmavt: Validate remote_addr during loopback atomic tests (bsc#1114685). - NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). Make this work-around optional - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244). - RDMA/mlx5: Set user priority for DCT (bsc#1103991). - RDMA/netlink: Add __maybe_unused to static inline in C file (bsc#1046306). - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - cxgb4: fix eeprom len when diagnostics not implemented (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533). - ext4: avoid trim error on fs with small groups (bsc#1191271). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add netif_set_xps_queue call (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Add rx buffer pagecnt bias (bsc#1191655). - gve: Allow pageflips on larger pages (bsc#1191655). - gve: Avoid freeing NULL pointer (bsc#1191655). - gve: Correct available tx qpl check (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: DQO: avoid unused variable warnings (bsc#1191655). - gve: Do lazy cleanup in TX path (bsc#1191655). - gve: Fix GFP flags when allocing pages (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Properly handle errors in gve_assign_qpl (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Switch to use napi_complete_done (bsc#1191655). - gve: Track RX buffer allocation failures (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix gve_get_stats() (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1191655). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1191655). - i40e: Fix changing previously set num_queue_pairs for PFs (bsc#1094978). - i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816 ). - i40e: Fix creation of first queue by omitting it if is not power of two (bsc#1101816). - i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981 ). - i40e: Fix for displaying message regarding NVM version (jsc#SLE-4797). - i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816 ). - i40e: Fix ping is lost after configuring ADq on VF (bsc#1094978). - i40e: Fix pre-set max number of queues for VF (bsc#1111981 ). - i40e: Increase delay to 1 s after global EMP reset (bsc#1101816 ). - iavf: Fix limit of total number of queues to active queues of VF (bsc#1111981). - iavf: prevent accidental free of filter structure (bsc#1111981 ). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: Update driver return codes (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: Delete always true check of PF pointer (bsc#1118661 ). - ice: ignore dropped packets during init (bsc#1118661 ). - igb: Fix removal of unicast MAC filters of VFs (bsc#1117495). - ixgbevf: Require large buffers for build_skb on 82599VF (bsc#1101674). - kabi: Hide changes to s390/AP structures (jsc#SLE-20809). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - mqprio: Correct stats in mqprio_dump_class_stats() (bsc#1109837). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837). - net: ena: Fix error handling when calculating max IO queues number (bsc#1174852). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1174852). - net: marvell: mvpp2: Fix the computation of shared CPUs (bsc#1119113). - net: phylink: avoid mvneta warning when setting pause parameters (bsc#1119113). - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - phylib: fix potential use-after-free (bsc#1119113). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (bsc#1112374). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - rndis_host: support Hytera digital radios (git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809). - s390/ap: rework crypto config info and default domain code (jsc#SLE-20809). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195080 LTC#196090). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195080 LTC#196090). - s390/hypfs: include z/VM guests with access control group set (bsc#1195638 LTC#196354). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195377 LTC#196245). - sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-761=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.81.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.81.1 dlm-kmp-rt-4.12.14-10.81.1 dlm-kmp-rt-debuginfo-4.12.14-10.81.1 gfs2-kmp-rt-4.12.14-10.81.1 gfs2-kmp-rt-debuginfo-4.12.14-10.81.1 kernel-rt-4.12.14-10.81.1 kernel-rt-base-4.12.14-10.81.1 kernel-rt-base-debuginfo-4.12.14-10.81.1 kernel-rt-debuginfo-4.12.14-10.81.1 kernel-rt-debugsource-4.12.14-10.81.1 kernel-rt-devel-4.12.14-10.81.1 kernel-rt-devel-debuginfo-4.12.14-10.81.1 kernel-rt_debug-4.12.14-10.81.1 kernel-rt_debug-debuginfo-4.12.14-10.81.1 kernel-rt_debug-debugsource-4.12.14-10.81.1 kernel-rt_debug-devel-4.12.14-10.81.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.81.1 kernel-syms-rt-4.12.14-10.81.1 ocfs2-kmp-rt-4.12.14-10.81.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.81.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.81.1 kernel-source-rt-4.12.14-10.81.1 References: https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-0644.html https://www.suse.com/security/cve/CVE-2022-24959.html https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1094978 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1101674 https://bugzilla.suse.com/1101816 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1117495 https://bugzilla.suse.com/1118661 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1157038 https://bugzilla.suse.com/1157923 https://bugzilla.suse.com/1158533 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1191271 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1191655 https://bugzilla.suse.com/1193857 https://bugzilla.suse.com/1195080 https://bugzilla.suse.com/1195377 https://bugzilla.suse.com/1195536 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195638 https://bugzilla.suse.com/1195795 https://bugzilla.suse.com/1195823 https://bugzilla.suse.com/1195840 https://bugzilla.suse.com/1195897 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195934 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1195995 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196155 https://bugzilla.suse.com/1196400 https://bugzilla.suse.com/1196516 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196612 From sle-updates at lists.suse.com Wed Mar 9 00:05:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 01:05:24 +0100 (CET) Subject: SUSE-SU-2022:0767-1: important: Security update for the Linux Kernel Message-ID: <20220309000524.B54ABF387@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0767-1 Rating: important References: #1046306 #1050244 #1089644 #1094978 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1101674 #1101816 #1103991 #1109837 #1111981 #1112374 #1114648 #1114685 #1114893 #1117495 #1118661 #1119113 #1136460 #1136461 #1157038 #1157923 #1158533 #1174852 #1185377 #1185973 #1187716 #1189126 #1191271 #1191580 #1191655 #1193857 #1193867 #1194048 #1194516 #1195080 #1195377 #1195536 #1195543 #1195612 #1195638 #1195795 #1195823 #1195840 #1195897 #1195908 #1195934 #1195949 #1195987 #1195995 #1196079 #1196155 #1196400 #1196516 #1196584 #1196612 SLE-20809 Cross-References: CVE-2021-44879 CVE-2021-45095 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24448 CVE-2022-24959 CVSS scores: CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves 10 vulnerabilities, contains one feature and has 50 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bsc#1193867). The following non-security bugs were fixed: - Bluetooth: bfusb: fix division by zero in send path (git-fixes). - Bluetooth: fix the erroneous flush_work() order (git-fixes). - EDAC/xgene: Fix deferred probing (bsc#1114648). - IB/rdmavt: Validate remote_addr during loopback atomic tests (bsc#1114685). - NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). Make this work-around optional - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244). - RDMA/mlx5: Set user priority for DCT (bsc#1103991). - RDMA/netlink: Add __maybe_unused to static inline in C file (bsc#1046306). - Replace with an alternative fix for bsc#1185377 - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - cxgb4: fix eeprom len when diagnostics not implemented (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533). - ext4: avoid trim error on fs with small groups (bsc#1191271). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add netif_set_xps_queue call (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Add rx buffer pagecnt bias (bsc#1191655). - gve: Allow pageflips on larger pages (bsc#1191655). - gve: Avoid freeing NULL pointer (bsc#1191655). - gve: Correct available tx qpl check (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: DQO: avoid unused variable warnings (bsc#1191655). - gve: Do lazy cleanup in TX path (bsc#1191655). - gve: Fix GFP flags when allocing pages (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Properly handle errors in gve_assign_qpl (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Switch to use napi_complete_done (bsc#1191655). - gve: Track RX buffer allocation failures (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix gve_get_stats() (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1191655). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1191655). - i40e: Fix changing previously set num_queue_pairs for PFs (bsc#1094978). - i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816 ). - i40e: Fix creation of first queue by omitting it if is not power of two (bsc#1101816). - i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981 ). - i40e: Fix for displaying message regarding NVM version (jsc#SLE-4797). - i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816 ). - i40e: Fix ping is lost after configuring ADq on VF (bsc#1094978). - i40e: Fix pre-set max number of queues for VF (bsc#1111981 ). - i40e: Increase delay to 1 s after global EMP reset (bsc#1101816 ). - iavf: Fix limit of total number of queues to active queues of VF (bsc#1111981). - iavf: prevent accidental free of filter structure (bsc#1111981 ). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: Update driver return codes (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: Delete always true check of PF pointer (bsc#1118661 ). - ice: ignore dropped packets during init (bsc#1118661 ). - igb: Fix removal of unicast MAC filters of VFs (bsc#1117495). - ixgbevf: Require large buffers for build_skb on 82599VF (bsc#1101674). - kabi: Hide changes to s390/AP structures (jsc#SLE-20809). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - mqprio: Correct stats in mqprio_dump_class_stats() (bsc#1109837). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837). - net: ena: Fix error handling when calculating max IO queues number (bsc#1174852). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1174852). - net: marvell: mvpp2: Fix the computation of shared CPUs (bsc#1119113). - net: phylink: avoid mvneta warning when setting pause parameters (bsc#1119113). - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - phylib: fix potential use-after-free (bsc#1119113). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (bsc#1112374). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - rndis_host: support Hytera digital radios (git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809). - s390/ap: rework crypto config info and default domain code (jsc#SLE-20809). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195080 LTC#196090). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195080 LTC#196090). - s390/hypfs: include z/VM guests with access control group set (bsc#1195638 LTC#196354). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195377 LTC#196245). - sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-767=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-767=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-767=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-767=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-767=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.113.1 kernel-default-debugsource-4.12.14-122.113.1 kernel-default-extra-4.12.14-122.113.1 kernel-default-extra-debuginfo-4.12.14-122.113.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.113.1 kernel-obs-build-debugsource-4.12.14-122.113.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.113.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.113.1 kernel-default-base-4.12.14-122.113.1 kernel-default-base-debuginfo-4.12.14-122.113.1 kernel-default-debuginfo-4.12.14-122.113.1 kernel-default-debugsource-4.12.14-122.113.1 kernel-default-devel-4.12.14-122.113.1 kernel-syms-4.12.14-122.113.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.113.1 kernel-macros-4.12.14-122.113.1 kernel-source-4.12.14-122.113.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.113.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.113.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.113.1 kernel-default-debugsource-4.12.14-122.113.1 kernel-default-kgraft-4.12.14-122.113.1 kernel-default-kgraft-devel-4.12.14-122.113.1 kgraft-patch-4_12_14-122_113-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.113.1 cluster-md-kmp-default-debuginfo-4.12.14-122.113.1 dlm-kmp-default-4.12.14-122.113.1 dlm-kmp-default-debuginfo-4.12.14-122.113.1 gfs2-kmp-default-4.12.14-122.113.1 gfs2-kmp-default-debuginfo-4.12.14-122.113.1 kernel-default-debuginfo-4.12.14-122.113.1 kernel-default-debugsource-4.12.14-122.113.1 ocfs2-kmp-default-4.12.14-122.113.1 ocfs2-kmp-default-debuginfo-4.12.14-122.113.1 References: https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0487.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-0644.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-24959.html https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1094978 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1101674 https://bugzilla.suse.com/1101816 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1117495 https://bugzilla.suse.com/1118661 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1157038 https://bugzilla.suse.com/1157923 https://bugzilla.suse.com/1158533 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1191271 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1191655 https://bugzilla.suse.com/1193857 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1195080 https://bugzilla.suse.com/1195377 https://bugzilla.suse.com/1195536 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195638 https://bugzilla.suse.com/1195795 https://bugzilla.suse.com/1195823 https://bugzilla.suse.com/1195840 https://bugzilla.suse.com/1195897 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195934 https://bugzilla.suse.com/1195949 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1195995 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196155 https://bugzilla.suse.com/1196400 https://bugzilla.suse.com/1196516 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196612 From sle-updates at lists.suse.com Wed Mar 9 00:11:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 01:11:47 +0100 (CET) Subject: SUSE-SU-2022:0765-1: important: Security update for the Linux Kernel Message-ID: <20220309001147.B2C46F387@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0765-1 Rating: important References: #1046306 #1050244 #1089644 #1094978 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1101674 #1101816 #1103991 #1109837 #1111981 #1112374 #1114648 #1114685 #1114893 #1117495 #1118661 #1119113 #1136460 #1136461 #1157038 #1157923 #1158533 #1174852 #1185377 #1185973 #1187716 #1189126 #1191271 #1191580 #1191655 #1193857 #1193867 #1194048 #1194516 #1195080 #1195377 #1195536 #1195543 #1195612 #1195638 #1195795 #1195823 #1195840 #1195897 #1195908 #1195934 #1195949 #1195987 #1195995 #1196079 #1196155 #1196400 #1196516 #1196584 #1196612 SLE-20809 Cross-References: CVE-2021-44879 CVE-2021-45095 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-24448 CVE-2022-24959 CVSS scores: CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 10 vulnerabilities, contains one feature and has 50 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bsc#1193867). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - Bluetooth: bfusb: fix division by zero in send path (git-fixes). - Bluetooth: fix the erroneous flush_work() order (git-fixes). - EDAC/xgene: Fix deferred probing (bsc#1114648). - IB/rdmavt: Validate remote_addr during loopback atomic tests (bsc#1114685). - NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). Make this work-around optional - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244). - RDMA/mlx5: Set user priority for DCT (bsc#1103991). - RDMA/netlink: Add __maybe_unused to static inline in C file (bsc#1046306). - Replace with an alternative fix for bsc#1185377 - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - cxgb4: fix eeprom len when diagnostics not implemented (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533). - ext4: avoid trim error on fs with small groups (bsc#1191271). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add netif_set_xps_queue call (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Add rx buffer pagecnt bias (bsc#1191655). - gve: Allow pageflips on larger pages (bsc#1191655). - gve: Avoid freeing NULL pointer (bsc#1191655). - gve: Correct available tx qpl check (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: DQO: avoid unused variable warnings (bsc#1191655). - gve: Do lazy cleanup in TX path (bsc#1191655). - gve: Fix GFP flags when allocing pages (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Properly handle errors in gve_assign_qpl (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Switch to use napi_complete_done (bsc#1191655). - gve: Track RX buffer allocation failures (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix gve_get_stats() (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1191655). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1191655). - i40e: Fix changing previously set num_queue_pairs for PFs (bsc#1094978). - i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816 ). - i40e: Fix creation of first queue by omitting it if is not power of two (bsc#1101816). - i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981 ). - i40e: Fix for displaying message regarding NVM version (jsc#SLE-4797). - i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816 ). - i40e: Fix ping is lost after configuring ADq on VF (bsc#1094978). - i40e: Fix pre-set max number of queues for VF (bsc#1111981 ). - i40e: Increase delay to 1 s after global EMP reset (bsc#1101816 ). - iavf: Fix limit of total number of queues to active queues of VF (bsc#1111981). - iavf: prevent accidental free of filter structure (bsc#1111981 ). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: Update driver return codes (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: Delete always true check of PF pointer (bsc#1118661 ). - ice: ignore dropped packets during init (bsc#1118661 ). - igb: Fix removal of unicast MAC filters of VFs (bsc#1117495). - ixgbevf: Require large buffers for build_skb on 82599VF (bsc#1101674). - kabi: Hide changes to s390/AP structures (jsc#SLE-20809). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - mqprio: Correct stats in mqprio_dump_class_stats() (bsc#1109837). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837). - net: ena: Fix error handling when calculating max IO queues number (bsc#1174852). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1174852). - net: marvell: mvpp2: Fix the computation of shared CPUs (bsc#1119113). - net: phylink: avoid mvneta warning when setting pause parameters (bsc#1119113). - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - phylib: fix potential use-after-free (bsc#1119113). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (bsc#1112374). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - rndis_host: support Hytera digital radios (git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809). - s390/ap: rework crypto config info and default domain code (jsc#SLE-20809). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195080 LTC#196090). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195080 LTC#196090). - s390/hypfs: include z/VM guests with access control group set (bsc#1195638 LTC#196354). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195377 LTC#196245). - sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-765=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.91.1 kernel-azure-base-4.12.14-16.91.1 kernel-azure-base-debuginfo-4.12.14-16.91.1 kernel-azure-debuginfo-4.12.14-16.91.1 kernel-azure-debugsource-4.12.14-16.91.1 kernel-azure-devel-4.12.14-16.91.1 kernel-syms-azure-4.12.14-16.91.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.91.1 kernel-source-azure-4.12.14-16.91.1 References: https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0487.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-0644.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-24959.html https://bugzilla.suse.com/1046306 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1094978 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1101674 https://bugzilla.suse.com/1101816 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111981 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1117495 https://bugzilla.suse.com/1118661 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1157038 https://bugzilla.suse.com/1157923 https://bugzilla.suse.com/1158533 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1191271 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1191655 https://bugzilla.suse.com/1193857 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1195080 https://bugzilla.suse.com/1195377 https://bugzilla.suse.com/1195536 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195638 https://bugzilla.suse.com/1195795 https://bugzilla.suse.com/1195823 https://bugzilla.suse.com/1195840 https://bugzilla.suse.com/1195897 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195934 https://bugzilla.suse.com/1195949 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1195995 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196155 https://bugzilla.suse.com/1196400 https://bugzilla.suse.com/1196516 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196612 From sle-updates at lists.suse.com Wed Mar 9 00:18:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 01:18:00 +0100 (CET) Subject: SUSE-SU-2022:0756-1: important: Security update for the Linux Kernel Message-ID: <20220309001800.33F89F387@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0756-1 Rating: important References: #1146312 #1190717 #1191580 #1193731 #1194463 #1195543 #1195612 #1195908 #1195939 #1196079 #1196612 Cross-References: CVE-2016-10905 CVE-2021-0920 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0617 CVE-2022-24448 CVSS scores: CVE-2016-10905 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-10905 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 7 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731). - CVE-2016-10905: Fixed a use-after-free is gfs2_clear_rgrpd() and read_rindex_entry() (bsc#1146312). The following non-security bug was fixed: - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-756=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.169.1 kernel-macros-4.4.121-92.169.1 kernel-source-4.4.121-92.169.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.169.1 kernel-default-base-4.4.121-92.169.1 kernel-default-base-debuginfo-4.4.121-92.169.1 kernel-default-debuginfo-4.4.121-92.169.1 kernel-default-debugsource-4.4.121-92.169.1 kernel-default-devel-4.4.121-92.169.1 kernel-syms-4.4.121-92.169.1 References: https://www.suse.com/security/cve/CVE-2016-10905.html https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-24448.html https://bugzilla.suse.com/1146312 https://bugzilla.suse.com/1190717 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1194463 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195939 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196612 From sle-updates at lists.suse.com Wed Mar 9 00:19:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 01:19:42 +0100 (CET) Subject: SUSE-SU-2022:0757-1: important: Security update for the Linux Kernel Message-ID: <20220309001942.A627DF387@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0757-1 Rating: important References: #1107207 #1114893 #1185973 #1191580 #1194516 #1195536 #1195543 #1195612 #1195840 #1195897 #1195908 #1195934 #1195949 #1195987 #1196079 #1196155 #1196584 #1196601 #1196612 Cross-References: CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-0847 CVE-2022-24448 CVE-2022-24959 CVSS scores: CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0847 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 9 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named "Branch Target Injection" and "Intra-Mode Branch History Injection" are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-757=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-757=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-757=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-757=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-757=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-757=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.93.1 kernel-default-base-4.12.14-95.93.1 kernel-default-base-debuginfo-4.12.14-95.93.1 kernel-default-debuginfo-4.12.14-95.93.1 kernel-default-debugsource-4.12.14-95.93.1 kernel-default-devel-4.12.14-95.93.1 kernel-default-devel-debuginfo-4.12.14-95.93.1 kernel-syms-4.12.14-95.93.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.93.1 kernel-macros-4.12.14-95.93.1 kernel-source-4.12.14-95.93.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.93.1 kernel-macros-4.12.14-95.93.1 kernel-source-4.12.14-95.93.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.93.1 kernel-default-base-4.12.14-95.93.1 kernel-default-base-debuginfo-4.12.14-95.93.1 kernel-default-debuginfo-4.12.14-95.93.1 kernel-default-debugsource-4.12.14-95.93.1 kernel-default-devel-4.12.14-95.93.1 kernel-default-devel-debuginfo-4.12.14-95.93.1 kernel-syms-4.12.14-95.93.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.93.1 kernel-default-base-4.12.14-95.93.1 kernel-default-base-debuginfo-4.12.14-95.93.1 kernel-default-debuginfo-4.12.14-95.93.1 kernel-default-debugsource-4.12.14-95.93.1 kernel-default-devel-4.12.14-95.93.1 kernel-syms-4.12.14-95.93.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.93.1 kernel-macros-4.12.14-95.93.1 kernel-source-4.12.14-95.93.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.93.1 kernel-default-base-4.12.14-95.93.1 kernel-default-base-debuginfo-4.12.14-95.93.1 kernel-default-debuginfo-4.12.14-95.93.1 kernel-default-debugsource-4.12.14-95.93.1 kernel-default-devel-4.12.14-95.93.1 kernel-syms-4.12.14-95.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.93.1 kernel-macros-4.12.14-95.93.1 kernel-source-4.12.14-95.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.93.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.93.1 kernel-default-kgraft-devel-4.12.14-95.93.1 kgraft-patch-4_12_14-95_93-default-1-6.5.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.93.1 cluster-md-kmp-default-debuginfo-4.12.14-95.93.1 dlm-kmp-default-4.12.14-95.93.1 dlm-kmp-default-debuginfo-4.12.14-95.93.1 gfs2-kmp-default-4.12.14-95.93.1 gfs2-kmp-default-debuginfo-4.12.14-95.93.1 kernel-default-debuginfo-4.12.14-95.93.1 kernel-default-debugsource-4.12.14-95.93.1 ocfs2-kmp-default-4.12.14-95.93.1 ocfs2-kmp-default-debuginfo-4.12.14-95.93.1 References: https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0487.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-0644.html https://www.suse.com/security/cve/CVE-2022-0847.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-24959.html https://bugzilla.suse.com/1107207 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1195536 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195840 https://bugzilla.suse.com/1195897 https://bugzilla.suse.com/1195908 https://bugzilla.suse.com/1195934 https://bugzilla.suse.com/1195949 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196155 https://bugzilla.suse.com/1196584 https://bugzilla.suse.com/1196601 https://bugzilla.suse.com/1196612 From sle-updates at lists.suse.com Wed Mar 9 14:20:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 15:20:28 +0100 (CET) Subject: SUSE-RU-2022:0771-1: moderate: Recommended update for libseccomp Message-ID: <20220309142028.ABE99F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for libseccomp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0771-1 Rating: moderate References: #1196825 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libseccomp fixes the following issues: - Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-771=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-771=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libseccomp-debugsource-2.5.3-150300.10.8.1 libseccomp-devel-2.5.3-150300.10.8.1 libseccomp2-2.5.3-150300.10.8.1 libseccomp2-debuginfo-2.5.3-150300.10.8.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libseccomp-debugsource-2.5.3-150300.10.8.1 libseccomp2-2.5.3-150300.10.8.1 libseccomp2-debuginfo-2.5.3-150300.10.8.1 References: https://bugzilla.suse.com/1196825 From sle-updates at lists.suse.com Wed Mar 9 14:21:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 15:21:12 +0100 (CET) Subject: SUSE-SU-2022:0774-1: moderate: Security update for tcpdump Message-ID: <20220309142112.4C484F386@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0774-1 Rating: moderate References: #1195825 Cross-References: CVE-2018-16301 CVSS scores: CVE-2018-16301 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-774=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-774=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-774=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-774=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-774=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-774=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-774=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-774=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-774=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-774=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-774=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-774=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-774=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-774=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-774=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-774=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-774=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-774=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-774=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-774=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-774=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Manager Proxy 4.1 (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 - SUSE CaaS Platform 4.0 (x86_64): tcpdump-4.9.2-3.18.1 tcpdump-debuginfo-4.9.2-3.18.1 tcpdump-debugsource-4.9.2-3.18.1 References: https://www.suse.com/security/cve/CVE-2018-16301.html https://bugzilla.suse.com/1195825 From sle-updates at lists.suse.com Wed Mar 9 14:21:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 15:21:57 +0100 (CET) Subject: SUSE-SU-2022:0770-1: moderate: Security update for buildah Message-ID: <20220309142157.1F067F386@maintenance.suse.de> SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0770-1 Rating: moderate References: #1187812 #1192999 SLE-23503 Cross-References: CVE-2019-10214 CVE-2020-10696 CVE-2021-20206 CVSS scores: CVE-2019-10214 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-10214 (SUSE): 9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes three vulnerabilities, contains one feature is now available. Description: This update for buildah fixes the following issues: buildah was updated to version 1.23.1: Update to version 1.22.3: * Update dependencies * Post-branch commit * Accept repositories on login/logout Update to version 1.22.0: * c/image, c/storage, c/common vendor before Podman 3.3 release * Proposed patch for 3399 (shadowutils) * Fix handling of --restore shadow-utils * runtime-flag (debug) test: handle old & new runc * Allow dst and destination for target in secret mounts * Multi-arch: Always push updated version-tagged img * imagebuildah.stageExecutor.prepare(): remove pseudonym check * refine dangling filter * Chown with environment variables not set should fail * Just restore protections of shadow-utils * Remove specific kernel version number requirement from install.md * Multi-arch image workflow: Make steps generic * chroot: fix environment value leakage to intermediate processes * Update nix pin with `make nixpkgs` * buildah source - create and manage source images * Update cirrus-cron notification GH workflow * Reuse code from containers/common/pkg/parse * Cirrus: Freshen VM images * Fix excludes exception begining with / or ./ * Fix syntax for --manifest example * vendor containers/common at main * Cirrus: Drop dependence on fedora-minimal * Adjust conformance-test error-message regex * Workaround appearance of differing debug messages * Cirrus: Install docker from package cache * Switch rusagelogfile to use options.Out * Turn stdio back to blocking when command finishes * Add support for default network creation * Cirrus: Updates for master->main rename * Change references from master to main * Add `--env` and `--workingdir` flags to run command * [CI:DOCS] buildah bud: spelling --ignore-file requires parameter * [CI:DOCS] push/pull: clarify supported transports * Remove unused function arguments * Create mountOptions for mount command flags * Extract version command implementation to function * Add --json flags to `mount` and `version` commands * copier.Put(): set xattrs after ownership * buildah add/copy: spelling * buildah copy and buildah add should support .containerignore * Remove unused util.StartsWithValidTransport * Fix documentation of the --format option of buildah push * Don't use alltransports.ParseImageName with known transports * man pages: clarify `rmi` removes dangling parents * [CI:DOCS] Fix links to c/image master branch * imagebuildah: use the specified logger for logging preprocessing warnings * Fix copy into workdir for a single file * Fix docs links due to branch rename * Update nix pin with `make nixpkgs` * fix(docs): typo * Move to v1.22.0-dev * Fix handling of auth.json file while in a user namespace * Add rusage-logfile flag to optionally send rusage to a file * imagebuildah: redo step logging * Add volumes to make running buildah within a container easier * Add and use a "copy" helper instead of podman load/save * Bump github.com/containers/common from 0.38.4 to 0.39.0 * containerImageRef/containerImageSource: don't buffer uncompressed layers * containerImageRef(): squashed images have no parent images * Sync. workflow across skopeo, buildah, and podman * Bump github.com/containers/storage from 1.31.1 to 1.31.2 * Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 * Bump to v1.21.1-dev [NO TESTS NEEDED] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-770=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): buildah-1.23.1-150300.8.3.1 References: https://www.suse.com/security/cve/CVE-2019-10214.html https://www.suse.com/security/cve/CVE-2020-10696.html https://www.suse.com/security/cve/CVE-2021-20206.html https://bugzilla.suse.com/1187812 https://bugzilla.suse.com/1192999 From sle-updates at lists.suse.com Wed Mar 9 14:23:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 15:23:05 +0100 (CET) Subject: SUSE-RU-2022:0772-1: moderate: Recommended update for icewm-theme-branding Message-ID: <20220309142305.D22E4F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for icewm-theme-branding ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0772-1 Rating: moderate References: #1195328 #1196336 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for icewm-theme-branding fixes the following issues: - Fix font configuration after google-droid-fonts update (bsc#1195328 bsc#1196336) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-772=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): icewm-theme-branding-1.2.5-150300.5.3.1 References: https://bugzilla.suse.com/1195328 https://bugzilla.suse.com/1196336 From sle-updates at lists.suse.com Wed Mar 9 14:24:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 15:24:11 +0100 (CET) Subject: SUSE-RU-2022:0773-1: moderate: Recommended update for fwupd Message-ID: <20220309142411.50360F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0773-1 Rating: moderate References: #1193921 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fwupd fixes the following issues: - Ignore non-PCI NVMe devices (e.g. NVMe-over-Fabrics) when probing (bsc#1193921) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-773=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): fwupd-1.5.8-150300.3.3.1 fwupd-debuginfo-1.5.8-150300.3.3.1 fwupd-debugsource-1.5.8-150300.3.3.1 fwupd-devel-1.5.8-150300.3.3.1 fwupdtpmevlog-1.5.8-150300.3.3.1 fwupdtpmevlog-debuginfo-1.5.8-150300.3.3.1 libfwupd2-1.5.8-150300.3.3.1 libfwupd2-debuginfo-1.5.8-150300.3.3.1 libfwupdplugin1-1.5.8-150300.3.3.1 libfwupdplugin1-debuginfo-1.5.8-150300.3.3.1 typelib-1_0-Fwupd-2_0-1.5.8-150300.3.3.1 typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): fwupd-lang-1.5.8-150300.3.3.1 References: https://bugzilla.suse.com/1193921 From sle-updates at lists.suse.com Wed Mar 9 14:24:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 15:24:51 +0100 (CET) Subject: SUSE-SU-2022:0769-1: important: Security update for libcaca Message-ID: <20220309142451.67D4AF386@maintenance.suse.de> SUSE Security Update: Security update for libcaca ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0769-1 Rating: important References: #1184751 #1184752 Cross-References: CVE-2021-30498 CVE-2021-30499 CVSS scores: CVE-2021-30498 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30498 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30499 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30499 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-769=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-769=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-769=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-769=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-769=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-769=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-769=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-769=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-769=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-769=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-769=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-769=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Manager Proxy 4.1 (x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libcaca-debugsource-0.99.beta19.git20171003-11.3.1 libcaca-devel-0.99.beta19.git20171003-11.3.1 libcaca0-0.99.beta19.git20171003-11.3.1 libcaca0-debuginfo-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-0.99.beta19.git20171003-11.3.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-11.3.1 References: https://www.suse.com/security/cve/CVE-2021-30498.html https://www.suse.com/security/cve/CVE-2021-30499.html https://bugzilla.suse.com/1184751 https://bugzilla.suse.com/1184752 From sle-updates at lists.suse.com Wed Mar 9 17:18:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 18:18:32 +0100 (CET) Subject: SUSE-RU-2022:0775-1: moderate: Recommended update for pciutils Message-ID: <20220309171832.86712F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0775-1 Rating: moderate References: #1192862 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pciutils fixes the following issues: - Report the theoretical speeds for PCIe 5.0 and 6.0 (bsc#1192862) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-775=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-775=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpci3-3.5.6-150300.13.3.1 libpci3-debuginfo-3.5.6-150300.13.3.1 pciutils-3.5.6-150300.13.3.1 pciutils-debuginfo-3.5.6-150300.13.3.1 pciutils-debugsource-3.5.6-150300.13.3.1 pciutils-devel-3.5.6-150300.13.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libpci3-32bit-3.5.6-150300.13.3.1 libpci3-32bit-debuginfo-3.5.6-150300.13.3.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): libpci3-3.5.6-150300.13.3.1 libpci3-debuginfo-3.5.6-150300.13.3.1 pciutils-debuginfo-3.5.6-150300.13.3.1 pciutils-debugsource-3.5.6-150300.13.3.1 References: https://bugzilla.suse.com/1192862 From sle-updates at lists.suse.com Wed Mar 9 17:19:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 18:19:45 +0100 (CET) Subject: SUSE-SU-2022:0782-1: important: Security update for mariadb Message-ID: <20220309171945.023B4F37A@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0782-1 Rating: important References: #1195325 #1195334 #1195339 #1196016 Cross-References: CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVSS scores: CVE-2021-46657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46657 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46658 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46658 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46659 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46659 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46661 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46664 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46665 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46668 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24048 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24050 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24052 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for mariadb fixes the following issues: - Update to 10.2.43 (bsc#1196016): * 10.2.43: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.2.42: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-782=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-782=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-782=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-782=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-782=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mariadb-10.2.43-3.47.1 mariadb-client-10.2.43-3.47.1 mariadb-client-debuginfo-10.2.43-3.47.1 mariadb-debuginfo-10.2.43-3.47.1 mariadb-debugsource-10.2.43-3.47.1 mariadb-galera-10.2.43-3.47.1 mariadb-tools-10.2.43-3.47.1 mariadb-tools-debuginfo-10.2.43-3.47.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): mariadb-errormessages-10.2.43-3.47.1 - SUSE OpenStack Cloud 9 (noarch): mariadb-errormessages-10.2.43-3.47.1 - SUSE OpenStack Cloud 9 (x86_64): mariadb-10.2.43-3.47.1 mariadb-client-10.2.43-3.47.1 mariadb-client-debuginfo-10.2.43-3.47.1 mariadb-debuginfo-10.2.43-3.47.1 mariadb-debugsource-10.2.43-3.47.1 mariadb-galera-10.2.43-3.47.1 mariadb-tools-10.2.43-3.47.1 mariadb-tools-debuginfo-10.2.43-3.47.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): mariadb-10.2.43-3.47.1 mariadb-client-10.2.43-3.47.1 mariadb-client-debuginfo-10.2.43-3.47.1 mariadb-debuginfo-10.2.43-3.47.1 mariadb-debugsource-10.2.43-3.47.1 mariadb-tools-10.2.43-3.47.1 mariadb-tools-debuginfo-10.2.43-3.47.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): mariadb-errormessages-10.2.43-3.47.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mariadb-10.2.43-3.47.1 mariadb-client-10.2.43-3.47.1 mariadb-client-debuginfo-10.2.43-3.47.1 mariadb-debuginfo-10.2.43-3.47.1 mariadb-debugsource-10.2.43-3.47.1 mariadb-tools-10.2.43-3.47.1 mariadb-tools-debuginfo-10.2.43-3.47.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): mariadb-errormessages-10.2.43-3.47.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): mariadb-10.2.43-3.47.1 mariadb-client-10.2.43-3.47.1 mariadb-client-debuginfo-10.2.43-3.47.1 mariadb-debuginfo-10.2.43-3.47.1 mariadb-debugsource-10.2.43-3.47.1 mariadb-tools-10.2.43-3.47.1 mariadb-tools-debuginfo-10.2.43-3.47.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): mariadb-errormessages-10.2.43-3.47.1 References: https://www.suse.com/security/cve/CVE-2021-46657.html https://www.suse.com/security/cve/CVE-2021-46658.html https://www.suse.com/security/cve/CVE-2021-46659.html https://www.suse.com/security/cve/CVE-2021-46661.html https://www.suse.com/security/cve/CVE-2021-46663.html https://www.suse.com/security/cve/CVE-2021-46664.html https://www.suse.com/security/cve/CVE-2021-46665.html https://www.suse.com/security/cve/CVE-2021-46668.html https://www.suse.com/security/cve/CVE-2022-24048.html https://www.suse.com/security/cve/CVE-2022-24050.html https://www.suse.com/security/cve/CVE-2022-24051.html https://www.suse.com/security/cve/CVE-2022-24052.html https://bugzilla.suse.com/1195325 https://bugzilla.suse.com/1195334 https://bugzilla.suse.com/1195339 https://bugzilla.suse.com/1196016 From sle-updates at lists.suse.com Wed Mar 9 17:21:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 18:21:29 +0100 (CET) Subject: SUSE-SU-2022:0783-1: important: Security update for MozillaFirefox Message-ID: <20220309172129.90CB2F37A@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0783-1 Rating: important References: #1196809 Cross-References: CVE-2022-26485 CVE-2022-26486 CVSS scores: CVE-2022-26485 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26486 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-783=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-783=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-783=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-783=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-783=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-783=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-783=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-783=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-783=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-783=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-783=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-783=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.6.1-152.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.6.1-152.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.6.1-152.19.1 MozillaFirefox-debuginfo-91.6.1-152.19.1 MozillaFirefox-debugsource-91.6.1-152.19.1 MozillaFirefox-devel-91.6.1-152.19.1 MozillaFirefox-translations-common-91.6.1-152.19.1 MozillaFirefox-translations-other-91.6.1-152.19.1 References: https://www.suse.com/security/cve/CVE-2022-26485.html https://www.suse.com/security/cve/CVE-2022-26486.html https://bugzilla.suse.com/1196809 From sle-updates at lists.suse.com Wed Mar 9 17:22:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 18:22:41 +0100 (CET) Subject: SUSE-OU-2022:0781-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220309172241.8F8E9F37A@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:0781-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: MozillaThunderbird, enigmail Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-781=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-781=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.6.1-8.56.1 MozillaThunderbird-debuginfo-91.6.1-8.56.1 MozillaThunderbird-debugsource-91.6.1-8.56.1 MozillaThunderbird-translations-common-91.6.1-8.56.1 MozillaThunderbird-translations-other-91.6.1-8.56.1 enigmail-2.2.4-3.27.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.6.1-8.56.1 MozillaThunderbird-debuginfo-91.6.1-8.56.1 MozillaThunderbird-debugsource-91.6.1-8.56.1 MozillaThunderbird-translations-common-91.6.1-8.56.1 MozillaThunderbird-translations-other-91.6.1-8.56.1 enigmail-2.2.4-3.27.1 References: From sle-updates at lists.suse.com Wed Mar 9 17:23:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 18:23:17 +0100 (CET) Subject: SUSE-SU-2022:0777-1: important: Security update for MozillaFirefox Message-ID: <20220309172317.59296F37A@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0777-1 Rating: important References: #1196809 Cross-References: CVE-2022-26485 CVE-2022-26486 CVSS scores: CVE-2022-26485 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26486 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-777=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-777=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-777=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-777=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-777=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-777=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-777=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-777=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-777=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-777=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-777=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-777=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-777=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.6.1-112.92.1 MozillaFirefox-debuginfo-91.6.1-112.92.1 MozillaFirefox-debugsource-91.6.1-112.92.1 MozillaFirefox-devel-91.6.1-112.92.1 MozillaFirefox-translations-common-91.6.1-112.92.1 References: https://www.suse.com/security/cve/CVE-2022-26485.html https://www.suse.com/security/cve/CVE-2022-26486.html https://bugzilla.suse.com/1196809 From sle-updates at lists.suse.com Wed Mar 9 17:24:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 18:24:25 +0100 (CET) Subject: SUSE-RU-2022:0780-1: moderate: Recommended update for nvme-cli Message-ID: <20220309172425.1A908F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0780-1 Rating: moderate References: #1193540 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nvme-cli fixes the following issues: - fabrics: fix 'nvme connect' segfault if transport type is omitted (bsc#1193540) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-780=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-780=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.13-150300.3.13.1 nvme-cli-debuginfo-1.13-150300.3.13.1 nvme-cli-debugsource-1.13-150300.3.13.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): nvme-cli-1.13-150300.3.13.1 nvme-cli-debuginfo-1.13-150300.3.13.1 nvme-cli-debugsource-1.13-150300.3.13.1 References: https://bugzilla.suse.com/1193540 From sle-updates at lists.suse.com Wed Mar 9 17:25:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 18:25:08 +0100 (CET) Subject: SUSE-SU-2022:0778-1: important: Security update for MozillaFirefox Message-ID: <20220309172508.200F9F37A@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0778-1 Rating: important References: #1196809 Cross-References: CVE-2022-26485 CVE-2022-26486 CVSS scores: CVE-2022-26485 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26486 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-778=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-778=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-778=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-778=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-778=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-778=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-778=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-778=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-778=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-778=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.6.1-150.21.1 MozillaFirefox-debuginfo-91.6.1-150.21.1 MozillaFirefox-debugsource-91.6.1-150.21.1 MozillaFirefox-devel-91.6.1-150.21.1 MozillaFirefox-translations-common-91.6.1-150.21.1 MozillaFirefox-translations-other-91.6.1-150.21.1 References: https://www.suse.com/security/cve/CVE-2022-26485.html https://www.suse.com/security/cve/CVE-2022-26486.html https://bugzilla.suse.com/1196809 From sle-updates at lists.suse.com Wed Mar 9 17:25:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 18:25:49 +0100 (CET) Subject: SUSE-RU-2022:0776-1: moderate: Recommended update for mutter Message-ID: <20220309172549.D87E3F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0776-1 Rating: moderate References: #1188759 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mutter fixes the following issues: - Improve mutter behavior when receiving a ClientMessage event, not to just assume that it's a WM_PROTOCOLS event but to actually check the type before using it (bsc#1188759) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-776=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-776=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): mutter-lang-3.34.6-3.9.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libmutter-5-0-3.34.6-3.9.1 libmutter-5-0-debuginfo-3.34.6-3.9.1 mutter-3.34.6-3.9.1 mutter-data-3.34.6-3.9.1 mutter-debuginfo-3.34.6-3.9.1 mutter-debugsource-3.34.6-3.9.1 mutter-devel-3.34.6-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libmutter-5-0-3.34.6-3.9.1 libmutter-5-0-debuginfo-3.34.6-3.9.1 mutter-3.34.6-3.9.1 mutter-data-3.34.6-3.9.1 mutter-debuginfo-3.34.6-3.9.1 mutter-debugsource-3.34.6-3.9.1 mutter-devel-3.34.6-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): mutter-lang-3.34.6-3.9.1 References: https://bugzilla.suse.com/1188759 From sle-updates at lists.suse.com Wed Mar 9 17:26:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 18:26:59 +0100 (CET) Subject: SUSE-SU-2022:0779-1: moderate: Security update for tomcat Message-ID: <20220309172659.9CF66F37A@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0779-1 Rating: moderate References: #1196137 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tomcat fixes the following issues: - Remove hard log4j dependency, as it is not required by tomcat itself (bsc#1196137) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-779=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-779=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-779=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-779=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-779=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-779=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 - SUSE Enterprise Storage 6 (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 - SUSE CaaS Platform 4.0 (noarch): tomcat-9.0.36-4.73.1 tomcat-admin-webapps-9.0.36-4.73.1 tomcat-el-3_0-api-9.0.36-4.73.1 tomcat-jsp-2_3-api-9.0.36-4.73.1 tomcat-lib-9.0.36-4.73.1 tomcat-servlet-4_0-api-9.0.36-4.73.1 tomcat-webapps-9.0.36-4.73.1 References: https://bugzilla.suse.com/1196137 From sle-updates at lists.suse.com Wed Mar 9 20:17:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Mar 2022 21:17:43 +0100 (CET) Subject: SUSE-SU-2022:0784-1: important: Security update for tomcat Message-ID: <20220309201743.03EF8F37A@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0784-1 Rating: important References: #1195255 #1196091 #1196137 Cross-References: CVE-2022-23181 CVSS scores: CVE-2022-23181 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23181 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for tomcat fixes the following issues: Security issues fixed: - CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255) - Remove log4j dependency, which is currently directly in use (bsc#1196137) - Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-784=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-784=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-784=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-784=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-784=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-784=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-784=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-784=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-784=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): javapackages-filesystem-5.3.1-14.5.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): javapackages-filesystem-5.3.1-14.5.1 - SUSE OpenStack Cloud 9 (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 - SUSE OpenStack Cloud 9 (x86_64): javapackages-filesystem-5.3.1-14.5.1 - SUSE OpenStack Cloud 8 (x86_64): javapackages-filesystem-5.3.1-14.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): javapackages-filesystem-5.3.1-14.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.5.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tomcat-9.0.36-3.84.1 tomcat-admin-webapps-9.0.36-3.84.1 tomcat-docs-webapp-9.0.36-3.84.1 tomcat-el-3_0-api-9.0.36-3.84.1 tomcat-javadoc-9.0.36-3.84.1 tomcat-jsp-2_3-api-9.0.36-3.84.1 tomcat-lib-9.0.36-3.84.1 tomcat-servlet-4_0-api-9.0.36-3.84.1 tomcat-webapps-9.0.36-3.84.1 - HPE Helion Openstack 8 (x86_64): javapackages-filesystem-5.3.1-14.5.1 References: https://www.suse.com/security/cve/CVE-2022-23181.html https://bugzilla.suse.com/1195255 https://bugzilla.suse.com/1196091 https://bugzilla.suse.com/1196137 From sle-updates at lists.suse.com Thu Mar 10 07:55:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 08:55:30 +0100 (CET) Subject: SUSE-CU-2022:270-1: Recommended update of suse/sle15 Message-ID: <20220310075530.354A0F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:270-1 Container Tags : suse/sle15:15.4 , suse/sle15:15.4.23.26 Container Release : 23.26 Severity : moderate Type : recommended References : 1190447 1194265 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). The following package changes have been done: - bash-4.4-150400.23.73 updated - cpio-2.13-150400.1.62 updated - filesystem-15.0-11.5.1 updated - libaudit1-3.0.6-150400.1.14 updated - libblkid1-2.37.2-150400.4.19 updated - libbz2-1-1.0.8-150400.1.79 updated - libcom_err2-1.46.4-150400.1.46 updated - libdw1-0.185-150400.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.5 updated - libelf1-0.185-150400.3.1 updated - libfdisk1-2.37.2-150400.4.19 updated - libgcrypt20-hmac-1.9.4-150400.2.10 updated - libgcrypt20-1.9.4-150400.2.10 updated - libgpg-error0-1.42-150400.1.86 updated - libgpgme11-1.16.0-150400.1.51 updated - libmount1-2.37.2-150400.4.19 updated - libopenssl1_1-hmac-1.1.1l-150400.3.11 updated - libopenssl1_1-1.1.1l-150400.3.11 updated - libreadline7-7.0-150400.23.73 updated - libsasl2-3-2.1.27-150300.4.3.1 updated - libselinux1-3.1-150400.1.32 updated - libsemanage1-3.1-150400.1.30 updated - libsepol1-3.1-150400.1.33 updated - libsmartcols1-2.37.2-150400.4.19 updated - libsystemd0-249.10-150400.1.3 updated - libudev1-249.10-150400.1.3 updated - libuuid1-2.37.2-150400.4.19 updated - libzstd1-1.5.0-150400.1.38 updated - libzypp-17.29.5-150400.1.1 updated - login_defs-4.8.1-150400.8.20 updated - openssl-1_1-1.1.1l-150400.3.11 updated - rpm-config-SUSE-1-150400.12.3 updated - shadow-4.8.1-150400.8.20 updated - sles-release-15.4-150400.43.2 updated - system-group-hardware-20170617-150400.21.52 updated - util-linux-2.37.2-150400.4.19 updated - zypper-1.14.52-150400.1.1 updated From sle-updates at lists.suse.com Thu Mar 10 14:19:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:19:47 +0100 (CET) Subject: SUSE-RU-2022:0789-1: moderate: Recommended update for update-alternatives Message-ID: <20220310141947.BA755F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for update-alternatives ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0789-1 Rating: moderate References: #1195654 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-789=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-789=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-789=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-789=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): update-alternatives-1.19.0.4-4.3.1 update-alternatives-debuginfo-1.19.0.4-4.3.1 update-alternatives-debugsource-1.19.0.4-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): update-alternatives-1.19.0.4-4.3.1 update-alternatives-debuginfo-1.19.0.4-4.3.1 update-alternatives-debugsource-1.19.0.4-4.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): update-alternatives-1.19.0.4-4.3.1 update-alternatives-debuginfo-1.19.0.4-4.3.1 update-alternatives-debugsource-1.19.0.4-4.3.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): update-alternatives-1.19.0.4-4.3.1 update-alternatives-debuginfo-1.19.0.4-4.3.1 update-alternatives-debugsource-1.19.0.4-4.3.1 References: https://bugzilla.suse.com/1195654 From sle-updates at lists.suse.com Thu Mar 10 14:20:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:20:53 +0100 (CET) Subject: SUSE-RU-2022:0797-1: moderate: Recommended update for zypp-plugin-spacewalk Message-ID: <20220310142053.6B37EF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypp-plugin-spacewalk ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0797-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Tools 15 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for zypp-plugin-spacewalk fixes the following issues: zypp-plugin-spacewalk: - Update to version 1.0.12 * use new encoding function if available Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-797=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-797=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-797=1 Package List: - SUSE Manager Tools 15 (noarch): python3-zypp-plugin-spacewalk-1.0.12-3.29.1 zypp-plugin-spacewalk-1.0.12-3.29.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): python3-zypp-plugin-spacewalk-1.0.12-3.29.1 zypp-plugin-spacewalk-1.0.12-3.29.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): python3-zypp-plugin-spacewalk-1.0.12-3.29.1 zypp-plugin-spacewalk-1.0.12-3.29.1 References: From sle-updates at lists.suse.com Thu Mar 10 14:22:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:22:36 +0100 (CET) Subject: SUSE-RU-2022:0794-1: moderate: Recommended update for golang-github-prometheus-prometheus Message-ID: <20220310142236.06F8FF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0794-1 Rating: moderate References: #1196300 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-prometheus fixes the following issues: - Fix Firewalld configuration file location (bsc#1196300) - Require Go 1.16+ - Do not build on s390 architecture. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-794=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-1.35.2 References: https://bugzilla.suse.com/1196300 From sle-updates at lists.suse.com Thu Mar 10 14:24:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:24:31 +0100 (CET) Subject: SUSE-RU-2022:0790-1: moderate: Recommended update for pacemaker Message-ID: <20220310142431.8D171F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0790-1 Rating: moderate References: #1191676 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pacemaker fixes the following issues: - attrd: check election status upon loss of a voter to prevent unexpected pending (bsc#1191676) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-790=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-790=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.24+20210811.f5abda0ee-3.21.9 libpacemaker3-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-cts-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.21.9 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): libpacemaker3-1.1.24+20210811.f5abda0ee-3.21.9 libpacemaker3-debuginfo-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-cli-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-cli-debuginfo-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-cts-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-remote-1.1.24+20210811.f5abda0ee-3.21.9 pacemaker-remote-debuginfo-1.1.24+20210811.f5abda0ee-3.21.9 References: https://bugzilla.suse.com/1191676 From sle-updates at lists.suse.com Thu Mar 10 14:25:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:25:33 +0100 (CET) Subject: SUSE-RU-2022:0798-1: moderate: Recommended update for SUSE Manager Proxy 4.1 Message-ID: <20220310142533.0AC36F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0798-1 Rating: moderate References: #1191360 #1194363 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: spacecmd: - Version 4.1.17-1 * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) spacewalk-web: - Version 4.1.32-1 * Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-798=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): spacecmd-4.1.17-4.36.2 spacewalk-base-minimal-4.1.32-3.42.2 spacewalk-base-minimal-config-4.1.32-3.42.2 References: https://bugzilla.suse.com/1191360 https://bugzilla.suse.com/1194363 From sle-updates at lists.suse.com Thu Mar 10 14:26:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:26:41 +0100 (CET) Subject: SUSE-RU-2022:0795-1: moderate: Recommended update for SUSE Manager 4.1.14 Release Notes Message-ID: <20220310142641.3D79BF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.1.14 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0795-1 Rating: moderate References: #1097531 #1133198 #1190781 #1191360 #1192510 #1192566 #1192822 #1193565 #1194044 #1194363 #1195043 #1195282 Affected Products: SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update for SUSE Manager 4.1.14 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to 4.1.14 * Bugs mentioned: bsc#1097531, bsc#1133198, bsc#1190781, bsc#1191360, bsc#1192510, bsc#1192566, bsc#1192822, bsc#1193565, bsc#1194044, bsc#1194363, bsc#1195043, bsc#1195282 Release notes for SUSE Manager proxy: - Update to 4.1.14 * Bugs mentioned: bsc#1191360, bsc#1194363 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-795=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-795=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-795=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): release-notes-susemanager-4.1.14-3.73.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): release-notes-susemanager-proxy-4.1.14-3.53.1 - SUSE Manager Proxy 4.1 (x86_64): release-notes-susemanager-proxy-4.1.14-3.53.1 References: https://bugzilla.suse.com/1097531 https://bugzilla.suse.com/1133198 https://bugzilla.suse.com/1190781 https://bugzilla.suse.com/1191360 https://bugzilla.suse.com/1192510 https://bugzilla.suse.com/1192566 https://bugzilla.suse.com/1192822 https://bugzilla.suse.com/1193565 https://bugzilla.suse.com/1194044 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1195043 https://bugzilla.suse.com/1195282 From sle-updates at lists.suse.com Thu Mar 10 14:28:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:28:49 +0100 (CET) Subject: SUSE-SU-2022:0798-1: moderate: Security update for SUSE Manager Server 4.1 Message-ID: <20220310142849.20592F37A@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0798-1 Rating: moderate References: #1097531 #1133198 #1190781 #1191360 #1192510 #1192566 #1192822 #1193565 #1194044 #1194363 #1194464 #1195043 #1195282 Cross-References: CVE-2018-20433 CVE-2019-5427 CVSS scores: CVE-2018-20433 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-20433 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVE-2019-5427 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-5427 (SUSE): 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 11 fixes is now available. Description: This update fixes the following issues: c3p0: - Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19 * Address CVE-2018-20433 * Address CVE-2019-5427 - XML-config parsing related attacks (bsc#1133198) * Properly implement the JDBC 4.1 abort method - Build with log4j mapper - Enhanced for RHEL8 dhcpd-formula: - Update to version 0.1.1641480250.d5bd14c * make routers option optional - Add arm64 support - Update to version 0.1.1615805990.f15c8d9 hub-xmlrpc-api: - Updated to build on Enterprise Linux 8. py26-compat-msgpack-python: - Adapted to build on OBS for Enterprise Linux. py27-compat-salt: - Fix inspector module export function (bsc#1097531) - Fix possible traceback on ip6_interface grain (bsc#1193565) - Don't check for cached pillar errors on state.apply (bsc#1190781) - Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. - Fix the regression with invalid syntax in test_parse_cpe_name_v23. spacecmd: - Version 4.1.17-1 * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) spacewalk-java: - Version 4.1.44-1 * allow SCC to display the last check-in time for registered systems * Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360) * Add store info to Equals and hash methods to fix CVE audit process (bsc#1195282) * fix ClassCastException during action processing (bsc#1195043) * Fix disappearing metadata key files after channel change (bsc#1192822) * Pass only selected servers to taskomatic for cancelation (bsc#1194044) spacewalk-web: - Version 4.1.32-1 * Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360) susemanager: - Version 4.1.33-1 * set default for registration batch size susemanager-doc-indexes: - Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide - In the Client Configuration Guide, explain how you find channel names to register older SUSE Linux Enterprise clients. - Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client susemanager-docs_en: - Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide - In the Client Configuration Guide, explain how you find channel names to register older SUSE Linux Enterprise clients. - Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client Configuration Guide susemanager-schema: - Version 4.1.25-1 * Continue with index migration when the expected indexes do not exist (bsc#1192566) susemanager-sls: - Version 4.1.34-1 * Improve `pkgset` beacon with using `salt.cache` to notify about the changes made while the minion was stopped. * Align the code of pkgset beacon to prevent warnings (bsc#1194464) - Version 4.1.33-1 * Fix errors on calling sed -E ... by force_restart_minion with action chains * Postgres exporter package was renamed * fix deprecation warnings * enforce correct minion configuration similar to bootstrapping (bsc#1192510) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-798=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): hub-xmlrpc-api-0.7-3.9.2 py26-compat-msgpack-python-0.4.6-3.6.2 py26-compat-msgpack-python-debuginfo-0.4.6-3.6.2 py26-compat-msgpack-python-debugsource-0.4.6-3.6.2 susemanager-4.1.33-3.45.2 susemanager-tools-4.1.33-3.45.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): c3p0-0.9.5.5-3.3.2 dhcpd-formula-0.1.1641480250.d5bd14c-3.3.2 py27-compat-salt-3000.3-6.21.2 spacecmd-4.1.17-4.36.2 spacewalk-base-4.1.32-3.42.2 spacewalk-base-minimal-4.1.32-3.42.2 spacewalk-base-minimal-config-4.1.32-3.42.2 spacewalk-html-4.1.32-3.42.2 spacewalk-java-4.1.44-3.66.2 spacewalk-java-config-4.1.44-3.66.2 spacewalk-java-lib-4.1.44-3.66.2 spacewalk-java-postgresql-4.1.44-3.66.2 spacewalk-taskomatic-4.1.44-3.66.2 susemanager-doc-indexes-4.1-11.52.2 susemanager-docs_en-4.1-11.52.2 susemanager-docs_en-pdf-4.1-11.52.2 susemanager-schema-4.1.25-3.42.2 susemanager-sls-4.1.34-3.59.2 susemanager-web-libs-4.1.32-3.42.2 uyuni-config-modules-4.1.34-3.59.2 References: https://www.suse.com/security/cve/CVE-2018-20433.html https://www.suse.com/security/cve/CVE-2019-5427.html https://bugzilla.suse.com/1097531 https://bugzilla.suse.com/1133198 https://bugzilla.suse.com/1190781 https://bugzilla.suse.com/1191360 https://bugzilla.suse.com/1192510 https://bugzilla.suse.com/1192566 https://bugzilla.suse.com/1192822 https://bugzilla.suse.com/1193565 https://bugzilla.suse.com/1194044 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194464 https://bugzilla.suse.com/1195043 https://bugzilla.suse.com/1195282 From sle-updates at lists.suse.com Thu Mar 10 14:31:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:31:31 +0100 (CET) Subject: SUSE-RU-2022:0787-1: moderate: Recommended update for openldap2 Message-ID: <20220310143131.55E74F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0787-1 Rating: moderate References: PM-3288 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-787=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-787=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-787=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-787=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-787=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-787=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): libldap-data-2.4.46-9.61.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libldap-2_4-2-2.4.46-9.61.1 libldap-2_4-2-32bit-2.4.46-9.61.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.61.1 libldap-2_4-2-debuginfo-2.4.46-9.61.1 openldap2-client-2.4.46-9.61.1 openldap2-client-debuginfo-2.4.46-9.61.1 openldap2-debugsource-2.4.46-9.61.1 openldap2-devel-2.4.46-9.61.1 openldap2-devel-32bit-2.4.46-9.61.1 openldap2-devel-static-2.4.46-9.61.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.61.1 openldap2-back-meta-2.4.46-9.61.1 openldap2-back-meta-debuginfo-2.4.46-9.61.1 openldap2-back-perl-2.4.46-9.61.1 openldap2-back-perl-debuginfo-2.4.46-9.61.1 openldap2-contrib-2.4.46-9.61.1 openldap2-contrib-debuginfo-2.4.46-9.61.1 openldap2-debuginfo-2.4.46-9.61.1 openldap2-debugsource-2.4.46-9.61.1 openldap2-ppolicy-check-password-1.2-9.61.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.61.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): openldap2-debugsource-2.4.46-9.61.1 openldap2-devel-32bit-2.4.46-9.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.61.1 libldap-2_4-2-debuginfo-2.4.46-9.61.1 openldap2-client-2.4.46-9.61.1 openldap2-client-debuginfo-2.4.46-9.61.1 openldap2-debuginfo-2.4.46-9.61.1 openldap2-debugsource-2.4.46-9.61.1 openldap2-devel-2.4.46-9.61.1 openldap2-devel-static-2.4.46-9.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libldap-data-2.4.46-9.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libldap-2_4-2-32bit-2.4.46-9.61.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.61.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libldap-2_4-2-2.4.46-9.61.1 libldap-2_4-2-debuginfo-2.4.46-9.61.1 openldap2-debuginfo-2.4.46-9.61.1 openldap2-debugsource-2.4.46-9.61.1 - SUSE Linux Enterprise Micro 5.1 (noarch): libldap-data-2.4.46-9.61.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libldap-2_4-2-2.4.46-9.61.1 libldap-2_4-2-debuginfo-2.4.46-9.61.1 openldap2-debuginfo-2.4.46-9.61.1 openldap2-debugsource-2.4.46-9.61.1 - SUSE Linux Enterprise Micro 5.0 (noarch): libldap-data-2.4.46-9.61.1 References: From sle-updates at lists.suse.com Thu Mar 10 14:33:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:33:07 +0100 (CET) Subject: SUSE-RU-2022:0785-1: moderate: Recommended update for suse-build-key Message-ID: <20220310143307.85371F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-build-key ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0785-1 Rating: moderate References: #1194845 #1196494 #1196495 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for suse-build-key fixes the following issues: - Extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc - Added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended expiry of SUSE SLES11 key (bsc#1194845) - Added SUSE Contaner signing key in PEM format for use e.g. by cosign. - SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495) - Removed old security key. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-785=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-785=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-785=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-785=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-785=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-785=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-785=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-785=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-785=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-785=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-785=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-785=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): suse-build-key-12.0-7.15.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): suse-build-key-12.0-7.15.1 - SUSE OpenStack Cloud 9 (noarch): suse-build-key-12.0-7.15.1 - SUSE OpenStack Cloud 8 (noarch): suse-build-key-12.0-7.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): suse-build-key-12.0-7.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): suse-build-key-12.0-7.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): suse-build-key-12.0-7.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): suse-build-key-12.0-7.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): suse-build-key-12.0-7.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): suse-build-key-12.0-7.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): suse-build-key-12.0-7.15.1 - HPE Helion Openstack 8 (noarch): suse-build-key-12.0-7.15.1 References: https://bugzilla.suse.com/1194845 https://bugzilla.suse.com/1196494 https://bugzilla.suse.com/1196495 From sle-updates at lists.suse.com Thu Mar 10 14:34:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:34:42 +0100 (CET) Subject: SUSE-RU-2022:0792-1: moderate: Recommended update for suse-build-key Message-ID: <20220310143442.11026F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-build-key ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0792-1 Rating: moderate References: #1194845 #1196494 #1196495 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-792=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-792=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-792=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-792=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-792=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-792=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-792=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-792=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-792=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-792=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-792=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-792=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-792=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-792=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-792=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-792=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-792=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-792=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-792=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-792=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-792=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-792=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-792=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-792=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (noarch): suse-build-key-12.0-8.19.1 - SUSE Manager Retail Branch Server 4.1 (noarch): suse-build-key-12.0-8.19.1 - SUSE Manager Proxy 4.1 (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Micro 5.1 (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise Micro 5.0 (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): suse-build-key-12.0-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): suse-build-key-12.0-8.19.1 - SUSE Enterprise Storage 7 (noarch): suse-build-key-12.0-8.19.1 - SUSE Enterprise Storage 6 (noarch): suse-build-key-12.0-8.19.1 - SUSE CaaS Platform 4.0 (noarch): suse-build-key-12.0-8.19.1 References: https://bugzilla.suse.com/1194845 https://bugzilla.suse.com/1196494 https://bugzilla.suse.com/1196495 From sle-updates at lists.suse.com Thu Mar 10 14:36:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:36:16 +0100 (CET) Subject: SUSE-RU-2022:0788-1: moderate: Recommended update for libzypp, zypper Message-ID: <20220310143616.DDABDF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0788-1 Rating: moderate References: #1195326 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-788=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-788=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-788=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-788=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-788=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-788=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-788=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-788=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-788=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-788=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-788=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-788=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-788=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-788=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Manager Server 4.1 (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Manager Retail Branch Server 4.1 (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Manager Proxy 4.1 (x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Manager Proxy 4.1 (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise Micro 5.1 (noarch): zypper-needs-restarting-1.14.51-27.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise Micro 5.0 (noarch): zypper-needs-restarting-1.14.51-27.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libzypp-17.29.4-31.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 libzypp-devel-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Enterprise Storage 7 (noarch): zypper-log-1.14.51-27.1 zypper-needs-restarting-1.14.51-27.1 References: https://bugzilla.suse.com/1195326 From sle-updates at lists.suse.com Thu Mar 10 14:37:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:37:27 +0100 (CET) Subject: SUSE-RU-2022:0793-1: moderate: Recommended update for golang-github-prometheus-prometheus Message-ID: <20220310143727.B3F74F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0793-1 Rating: moderate References: #1196300 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-prometheus fixes the following issues: - Fix Firewalld configuration file location (bsc#1196300) - Require Go 1.16+ - Do not build on s390 architecture. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-793=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-3.38.1 References: https://bugzilla.suse.com/1196300 From sle-updates at lists.suse.com Thu Mar 10 14:38:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:38:45 +0100 (CET) Subject: SUSE-RU-2022:0791-1: moderate: Recommended update for scap-security-guide Message-ID: <20220310143845.03FAFF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0791-1 Rating: moderate References: ECO-3319 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: scap-security-guide (ComplianceAsCode) was updated to 0.1.60 (jsc#ECO-3319) - Various bugfixes - New draft stig profile v1r1 for OL8 - New product Amazon EKS platform and initial CIS profiles - New product CentOS Stream 9, as a derivative from RHEL9 product Note that SUSE only supports for SUSE Linux Enterprise 12 and 15: - STIG profiles - HIPAA profiles - PCI-DSS profiles The CIS profile is community supplied and currently not supported by SUSE. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-791=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-791=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-791=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-791=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-791=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-791=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-791=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-791=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-791=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-791=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-791=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-791=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-791=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-791=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-791=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-791=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-791=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-791=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-791=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-791=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-791=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-791=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Manager Retail Branch Server 4.1 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Manager Proxy 4.1 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Enterprise Storage 7 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE Enterprise Storage 6 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 - SUSE CaaS Platform 4.0 (noarch): scap-security-guide-0.1.60-1.29.1 scap-security-guide-debian-0.1.60-1.29.1 scap-security-guide-redhat-0.1.60-1.29.1 scap-security-guide-ubuntu-0.1.60-1.29.1 References: From sle-updates at lists.suse.com Thu Mar 10 14:40:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 15:40:01 +0100 (CET) Subject: SUSE-RU-2022:0796-1: moderate: Recommended update for golang-github-prometheus-prometheus Message-ID: <20220310144001.2E979F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0796-1 Rating: moderate References: #1196300 Affected Products: SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-prometheus fixes the following issues: - Fix Firewalld configuration file location (bsc#1196300) - Require Go 1.16+ - Do not build on s390 architecture. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-796=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-796=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-796=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-4.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-4.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): golang-github-prometheus-prometheus-2.32.1-4.6.1 References: https://bugzilla.suse.com/1196300 From sle-updates at lists.suse.com Thu Mar 10 17:18:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 18:18:16 +0100 (CET) Subject: SUSE-RU-2022:0799-1: moderate: Recommended update for sssd Message-ID: <20220310171816.D056EF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0799-1 Rating: moderate References: #1182058 #1195552 #1196166 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sssd fixes the following issues: - Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552) - Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common to fix bsc#1182058 and baselibs.conf was not updated accordingly; (bsc#1196166); Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-799=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-799=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150300.23.23.1 libipa_hbac0-1.16.1-150300.23.23.1 libipa_hbac0-debuginfo-1.16.1-150300.23.23.1 libsss_certmap-devel-1.16.1-150300.23.23.1 libsss_certmap0-1.16.1-150300.23.23.1 libsss_certmap0-debuginfo-1.16.1-150300.23.23.1 libsss_idmap-devel-1.16.1-150300.23.23.1 libsss_idmap0-1.16.1-150300.23.23.1 libsss_idmap0-debuginfo-1.16.1-150300.23.23.1 libsss_nss_idmap-devel-1.16.1-150300.23.23.1 libsss_nss_idmap0-1.16.1-150300.23.23.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.23.1 libsss_simpleifp-devel-1.16.1-150300.23.23.1 libsss_simpleifp0-1.16.1-150300.23.23.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.23.1 python3-sssd-config-1.16.1-150300.23.23.1 python3-sssd-config-debuginfo-1.16.1-150300.23.23.1 sssd-1.16.1-150300.23.23.1 sssd-ad-1.16.1-150300.23.23.1 sssd-ad-debuginfo-1.16.1-150300.23.23.1 sssd-common-1.16.1-150300.23.23.1 sssd-common-debuginfo-1.16.1-150300.23.23.1 sssd-dbus-1.16.1-150300.23.23.1 sssd-dbus-debuginfo-1.16.1-150300.23.23.1 sssd-debugsource-1.16.1-150300.23.23.1 sssd-ipa-1.16.1-150300.23.23.1 sssd-ipa-debuginfo-1.16.1-150300.23.23.1 sssd-krb5-1.16.1-150300.23.23.1 sssd-krb5-common-1.16.1-150300.23.23.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.23.1 sssd-krb5-debuginfo-1.16.1-150300.23.23.1 sssd-ldap-1.16.1-150300.23.23.1 sssd-ldap-debuginfo-1.16.1-150300.23.23.1 sssd-proxy-1.16.1-150300.23.23.1 sssd-proxy-debuginfo-1.16.1-150300.23.23.1 sssd-tools-1.16.1-150300.23.23.1 sssd-tools-debuginfo-1.16.1-150300.23.23.1 sssd-winbind-idmap-1.16.1-150300.23.23.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): sssd-common-32bit-1.16.1-150300.23.23.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.23.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsss_certmap0-1.16.1-150300.23.23.1 libsss_certmap0-debuginfo-1.16.1-150300.23.23.1 libsss_idmap0-1.16.1-150300.23.23.1 libsss_idmap0-debuginfo-1.16.1-150300.23.23.1 libsss_nss_idmap0-1.16.1-150300.23.23.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.23.1 sssd-1.16.1-150300.23.23.1 sssd-common-1.16.1-150300.23.23.1 sssd-common-debuginfo-1.16.1-150300.23.23.1 sssd-debugsource-1.16.1-150300.23.23.1 sssd-krb5-common-1.16.1-150300.23.23.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.23.1 sssd-ldap-1.16.1-150300.23.23.1 sssd-ldap-debuginfo-1.16.1-150300.23.23.1 References: https://bugzilla.suse.com/1182058 https://bugzilla.suse.com/1195552 https://bugzilla.suse.com/1196166 From sle-updates at lists.suse.com Thu Mar 10 17:20:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 18:20:13 +0100 (CET) Subject: SUSE-RU-2022:0800-1: moderate: Recommended update for sssd Message-ID: <20220310172013.1B989F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0800-1 Rating: moderate References: #1182058 #1190775 #1196166 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sssd fixes the following issues: - Fix 32-bit libraries package as libraries were moved from sssd to sssd-common (bsc#1182058 bsc#1196166); - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte; (bsc#1190775) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-800=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-800=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-7.33.1 libsss_idmap-devel-1.16.1-7.33.1 libsss_nss_idmap-devel-1.16.1-7.33.1 sssd-debugsource-1.16.1-7.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-7.33.1 libipa_hbac0-debuginfo-1.16.1-7.33.1 libsss_certmap0-1.16.1-7.33.1 libsss_certmap0-debuginfo-1.16.1-7.33.1 libsss_idmap0-1.16.1-7.33.1 libsss_idmap0-debuginfo-1.16.1-7.33.1 libsss_nss_idmap0-1.16.1-7.33.1 libsss_nss_idmap0-debuginfo-1.16.1-7.33.1 libsss_simpleifp0-1.16.1-7.33.1 libsss_simpleifp0-debuginfo-1.16.1-7.33.1 python-sssd-config-1.16.1-7.33.1 python-sssd-config-debuginfo-1.16.1-7.33.1 sssd-1.16.1-7.33.1 sssd-ad-1.16.1-7.33.1 sssd-ad-debuginfo-1.16.1-7.33.1 sssd-common-1.16.1-7.33.1 sssd-common-debuginfo-1.16.1-7.33.1 sssd-dbus-1.16.1-7.33.1 sssd-dbus-debuginfo-1.16.1-7.33.1 sssd-debugsource-1.16.1-7.33.1 sssd-ipa-1.16.1-7.33.1 sssd-ipa-debuginfo-1.16.1-7.33.1 sssd-krb5-1.16.1-7.33.1 sssd-krb5-common-1.16.1-7.33.1 sssd-krb5-common-debuginfo-1.16.1-7.33.1 sssd-krb5-debuginfo-1.16.1-7.33.1 sssd-ldap-1.16.1-7.33.1 sssd-ldap-debuginfo-1.16.1-7.33.1 sssd-proxy-1.16.1-7.33.1 sssd-proxy-debuginfo-1.16.1-7.33.1 sssd-tools-1.16.1-7.33.1 sssd-tools-debuginfo-1.16.1-7.33.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): sssd-common-32bit-1.16.1-7.33.1 sssd-common-debuginfo-32bit-1.16.1-7.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): libsss_nss_idmap-devel-1.16.1-7.33.1 References: https://bugzilla.suse.com/1182058 https://bugzilla.suse.com/1190775 https://bugzilla.suse.com/1196166 From sle-updates at lists.suse.com Thu Mar 10 20:19:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 21:19:28 +0100 (CET) Subject: SUSE-SU-2022:0804-1: important: Security update for MozillaThunderbird Message-ID: <20220310201928.04054F37A@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0804-1 Rating: important References: #1196809 Cross-References: CVE-2022-26485 CVE-2022-26486 CVSS scores: CVE-2022-26485 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26486 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 91.6.2 (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-804=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-804=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.6.2-8.59.1 MozillaThunderbird-debuginfo-91.6.2-8.59.1 MozillaThunderbird-debugsource-91.6.2-8.59.1 MozillaThunderbird-translations-common-91.6.2-8.59.1 MozillaThunderbird-translations-other-91.6.2-8.59.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.6.2-8.59.1 MozillaThunderbird-debuginfo-91.6.2-8.59.1 MozillaThunderbird-debugsource-91.6.2-8.59.1 MozillaThunderbird-translations-common-91.6.2-8.59.1 MozillaThunderbird-translations-other-91.6.2-8.59.1 References: https://www.suse.com/security/cve/CVE-2022-26485.html https://www.suse.com/security/cve/CVE-2022-26486.html https://bugzilla.suse.com/1196809 From sle-updates at lists.suse.com Thu Mar 10 20:21:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 21:21:32 +0100 (CET) Subject: SUSE-SU-2022:0803-1: important: Security update for python-lxml Message-ID: <20220310202132.458A5F37A@maintenance.suse.de> SUSE Security Update: Security update for python-lxml ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0803-1 Rating: important References: #1118088 #1179534 #1184177 #1193752 Cross-References: CVE-2018-19787 CVE-2020-27783 CVE-2021-28957 CVE-2021-43818 CVSS scores: CVE-2018-19787 (NVD) : 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2018-19787 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2020-27783 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-27783 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-43818 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2021-43818 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088). - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped (bsc#1184177). - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752). - CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-803=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-803=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-803=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-803=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-803=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-803=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-803=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-803=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-803=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-803=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-803=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-803=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-803=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python2-lxml-4.7.1-3.7.1 python2-lxml-debuginfo-4.7.1-3.7.1 python2-lxml-devel-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python2-lxml-4.7.1-3.7.1 python2-lxml-debuginfo-4.7.1-3.7.1 python2-lxml-devel-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Manager Proxy 4.1 (x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python2-lxml-4.7.1-3.7.1 python2-lxml-debuginfo-4.7.1-3.7.1 python2-lxml-devel-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python2-lxml-4.7.1-3.7.1 python2-lxml-debuginfo-4.7.1-3.7.1 python2-lxml-devel-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python2-lxml-4.7.1-3.7.1 python2-lxml-debuginfo-4.7.1-3.7.1 python2-lxml-devel-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python2-lxml-4.7.1-3.7.1 python2-lxml-debuginfo-4.7.1-3.7.1 python2-lxml-devel-4.7.1-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python2-lxml-4.7.1-3.7.1 python2-lxml-debuginfo-4.7.1-3.7.1 python2-lxml-devel-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python2-lxml-4.7.1-3.7.1 python2-lxml-debuginfo-4.7.1-3.7.1 python2-lxml-devel-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python-lxml-debuginfo-4.7.1-3.7.1 python-lxml-debugsource-4.7.1-3.7.1 python2-lxml-4.7.1-3.7.1 python2-lxml-debuginfo-4.7.1-3.7.1 python2-lxml-devel-4.7.1-3.7.1 python3-lxml-4.7.1-3.7.1 python3-lxml-debuginfo-4.7.1-3.7.1 python3-lxml-devel-4.7.1-3.7.1 References: https://www.suse.com/security/cve/CVE-2018-19787.html https://www.suse.com/security/cve/CVE-2020-27783.html https://www.suse.com/security/cve/CVE-2021-28957.html https://www.suse.com/security/cve/CVE-2021-43818.html https://bugzilla.suse.com/1118088 https://bugzilla.suse.com/1179534 https://bugzilla.suse.com/1184177 https://bugzilla.suse.com/1193752 From sle-updates at lists.suse.com Thu Mar 10 20:23:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 21:23:42 +0100 (CET) Subject: SUSE-RU-2022:0801-1: moderate: Recommended update for python36-pip Message-ID: <20220310202342.233F5F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for python36-pip ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0801-1 Rating: moderate References: #1195755 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python36-pip fixes the following issues: - Don't provide /usr/bin/pip3 to avoid conflict with python3-pip (bsc#1195755). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-801=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): python36-pip-20.2.4-8.12.1 References: https://bugzilla.suse.com/1195755 From sle-updates at lists.suse.com Thu Mar 10 20:24:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 21:24:52 +0100 (CET) Subject: SUSE-SU-2022:0805-1: important: Security update for openssh Message-ID: <20220310202453.00E21F37A@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0805-1 Rating: important References: #1190975 Cross-References: CVE-2021-41617 CVSS scores: CVE-2021-41617 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-41617 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings (bsc#1190975). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-805=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-805=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-805=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-805=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-805=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-805=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-805=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-805=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-805=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-805=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-805=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 - SUSE Manager Proxy 4.1 (x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): openssh-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): openssh-8.1p1-5.21.1 openssh-askpass-gnome-8.1p1-5.21.1 openssh-askpass-gnome-debuginfo-8.1p1-5.21.1 openssh-askpass-gnome-debugsource-8.1p1-5.21.1 openssh-debuginfo-8.1p1-5.21.1 openssh-debugsource-8.1p1-5.21.1 openssh-fips-8.1p1-5.21.1 openssh-helpers-8.1p1-5.21.1 openssh-helpers-debuginfo-8.1p1-5.21.1 References: https://www.suse.com/security/cve/CVE-2021-41617.html https://bugzilla.suse.com/1190975 From sle-updates at lists.suse.com Thu Mar 10 20:26:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Mar 2022 21:26:18 +0100 (CET) Subject: SUSE-SU-2022:0802-1: important: Security update for python-libxml2-python Message-ID: <20220310202618.7A1CCF37A@maintenance.suse.de> SUSE Security Update: Security update for python-libxml2-python ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0802-1 Rating: important References: #1196490 Cross-References: CVE-2022-23308 CVSS scores: CVE-2022-23308 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23308 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-802=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-802=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-802=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-802=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-802=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-802=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-802=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-802=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-802=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-802=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-802=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-802=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-802=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-802=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-802=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-802=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-802=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-802=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-802=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-802=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-802=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-802=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Manager Proxy 4.1 (x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 - SUSE CaaS Platform 4.0 (x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python2-libxml2-python-2.9.7-3.40.1 python2-libxml2-python-debuginfo-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 References: https://www.suse.com/security/cve/CVE-2022-23308.html https://bugzilla.suse.com/1196490 From sle-updates at lists.suse.com Fri Mar 11 08:06:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Mar 2022 09:06:43 +0100 (CET) Subject: SUSE-CU-2022:271-1: Recommended update of suse/sles12sp3 Message-ID: <20220311080643.EFB17F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:271-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.361 , suse/sles12sp3:latest Container Release : 24.361 Severity : moderate Type : recommended References : 1194845 1196494 1196495 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:785-1 Released: Thu Mar 10 09:53:23 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - Extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc - Added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended expiry of SUSE SLES11 key (bsc#1194845) - Added SUSE Contaner signing key in PEM format for use e.g. by cosign. - SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495) - Removed old security key. The following package changes have been done: - suse-build-key-12.0-7.15.1 updated From sle-updates at lists.suse.com Fri Mar 11 08:18:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Mar 2022 09:18:07 +0100 (CET) Subject: SUSE-RU-2022:0807-1: important: Recommended update for powerpc-utils Message-ID: <20220311081807.2698EF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0807-1 Rating: important References: #1196411 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Fix lsslot showing "Unknown slot type" for recent PCIe slot types (bsc#1196411) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-807=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (ppc64le): powerpc-utils-1.3.9-8.11.1 powerpc-utils-debuginfo-1.3.9-8.11.1 powerpc-utils-debugsource-1.3.9-8.11.1 References: https://bugzilla.suse.com/1196411 From sle-updates at lists.suse.com Fri Mar 11 08:20:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Mar 2022 09:20:09 +0100 (CET) Subject: SUSE-RU-2022:0808-1: moderate: Recommended update for procps Message-ID: <20220311082009.0624DF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for procps ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0808-1 Rating: moderate References: #1195468 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-808=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-808=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-808=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-808=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libprocps7-3.3.15-7.22.1 libprocps7-debuginfo-3.3.15-7.22.1 procps-3.3.15-7.22.1 procps-debuginfo-3.3.15-7.22.1 procps-debugsource-3.3.15-7.22.1 procps-devel-3.3.15-7.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-7.22.1 libprocps7-debuginfo-3.3.15-7.22.1 procps-3.3.15-7.22.1 procps-debuginfo-3.3.15-7.22.1 procps-debugsource-3.3.15-7.22.1 procps-devel-3.3.15-7.22.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libprocps7-3.3.15-7.22.1 libprocps7-debuginfo-3.3.15-7.22.1 procps-3.3.15-7.22.1 procps-debuginfo-3.3.15-7.22.1 procps-debugsource-3.3.15-7.22.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libprocps7-3.3.15-7.22.1 libprocps7-debuginfo-3.3.15-7.22.1 procps-3.3.15-7.22.1 procps-debuginfo-3.3.15-7.22.1 procps-debugsource-3.3.15-7.22.1 References: https://bugzilla.suse.com/1195468 From sle-updates at lists.suse.com Fri Mar 11 08:21:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Mar 2022 09:21:13 +0100 (CET) Subject: SUSE-RU-2022:0806-1: important: Recommended update for powerpc-utils Message-ID: <20220311082113.090C5F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0806-1 Rating: important References: #1196411 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Fix lsslot showing "Unknown slot type" for recent PCIe slot types (bsc#1196411) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-806=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le): powerpc-utils-1.3.9-150300.9.20.1 powerpc-utils-debuginfo-1.3.9-150300.9.20.1 powerpc-utils-debugsource-1.3.9-150300.9.20.1 References: https://bugzilla.suse.com/1196411 From sle-updates at lists.suse.com Fri Mar 11 17:17:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Mar 2022 18:17:34 +0100 (CET) Subject: SUSE-SU-2022:14906-1: important: Security update for MozillaFirefox Message-ID: <20220311171734.2F515F37D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14906-1 Rating: important References: #1196809 #1196900 Cross-References: CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 CVSS scores: CVE-2022-26485 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26486 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14906=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-14906=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-91.7.0-78.167.1 MozillaFirefox-translations-common-91.7.0-78.167.1 MozillaFirefox-translations-other-91.7.0-78.167.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): MozillaFirefox-debuginfo-91.7.0-78.167.1 References: https://www.suse.com/security/cve/CVE-2022-26381.html https://www.suse.com/security/cve/CVE-2022-26383.html https://www.suse.com/security/cve/CVE-2022-26384.html https://www.suse.com/security/cve/CVE-2022-26386.html https://www.suse.com/security/cve/CVE-2022-26387.html https://www.suse.com/security/cve/CVE-2022-26485.html https://www.suse.com/security/cve/CVE-2022-26486.html https://bugzilla.suse.com/1196809 https://bugzilla.suse.com/1196900 From sle-updates at lists.suse.com Fri Mar 11 17:18:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Mar 2022 18:18:46 +0100 (CET) Subject: SUSE-SU-2022:0810-1: moderate: Security update for tomcat Message-ID: <20220311171846.424B7F37D@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0810-1 Rating: moderate References: #1196137 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tomcat fixes the following issues: - Remove hard log4j dependency, as it is not required by tomcat itself (bsc#1196137) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-810=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-810=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-810=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-810=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): tomcat-9.0.36-3.93.1 tomcat-admin-webapps-9.0.36-3.93.1 tomcat-el-3_0-api-9.0.36-3.93.1 tomcat-jsp-2_3-api-9.0.36-3.93.1 tomcat-lib-9.0.36-3.93.1 tomcat-servlet-4_0-api-9.0.36-3.93.1 tomcat-webapps-9.0.36-3.93.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): tomcat-9.0.36-3.93.1 tomcat-admin-webapps-9.0.36-3.93.1 tomcat-el-3_0-api-9.0.36-3.93.1 tomcat-jsp-2_3-api-9.0.36-3.93.1 tomcat-lib-9.0.36-3.93.1 tomcat-servlet-4_0-api-9.0.36-3.93.1 tomcat-webapps-9.0.36-3.93.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tomcat-9.0.36-3.93.1 tomcat-admin-webapps-9.0.36-3.93.1 tomcat-el-3_0-api-9.0.36-3.93.1 tomcat-jsp-2_3-api-9.0.36-3.93.1 tomcat-lib-9.0.36-3.93.1 tomcat-servlet-4_0-api-9.0.36-3.93.1 tomcat-webapps-9.0.36-3.93.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tomcat-9.0.36-3.93.1 tomcat-admin-webapps-9.0.36-3.93.1 tomcat-el-3_0-api-9.0.36-3.93.1 tomcat-jsp-2_3-api-9.0.36-3.93.1 tomcat-lib-9.0.36-3.93.1 tomcat-servlet-4_0-api-9.0.36-3.93.1 tomcat-webapps-9.0.36-3.93.1 References: https://bugzilla.suse.com/1196137 From sle-updates at lists.suse.com Fri Mar 11 20:17:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Mar 2022 21:17:55 +0100 (CET) Subject: SUSE-SU-2022:0811-1: important: Security update for webkit2gtk3 Message-ID: <20220311201755.632C6F37A@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0811-1 Rating: important References: #1196133 Cross-References: CVE-2022-22620 CVSS scores: CVE-2022-22620 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-811=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-811=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-811=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-811=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-811=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-811=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-811=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-811=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-811=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-811=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-811=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-811=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-811=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 webkit2gtk3-devel-2.34.6-2.88.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 webkit2gtk3-devel-2.34.6-2.88.1 - HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.34.6-2.88.1 - HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.6-2.88.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.6-2.88.1 libwebkit2gtk-4_0-37-2.34.6-2.88.1 libwebkit2gtk-4_0-37-debuginfo-2.34.6-2.88.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2-4_0-2.34.6-2.88.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-2.34.6-2.88.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.6-2.88.1 webkit2gtk3-debugsource-2.34.6-2.88.1 References: https://www.suse.com/security/cve/CVE-2022-22620.html https://bugzilla.suse.com/1196133 From sle-updates at lists.suse.com Sat Mar 12 07:31:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Mar 2022 08:31:33 +0100 (CET) Subject: SUSE-IU-2022:357-1: Security update of suse-sles-15-sp3-chost-byos-v20220310-gen2 Message-ID: <20220312073133.A786AF37A@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220310-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:357-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220310-gen2:20220310 Image Release : Severity : important Type : security References : 1089644 1154353 1157038 1157923 1176447 1176804 1176940 1177598 1178134 1181147 1181588 1181640 1181703 1182998 1183872 1187512 1187716 1188348 1188404 1188507 1188520 1188914 1189126 1190447 1190533 1190570 1190812 1190972 1191580 1191655 1191741 1191893 1192210 1192478 1192481 1192483 1192862 1192954 1193096 1193166 1193233 1193243 1193273 1193294 1193298 1193632 1193787 1194163 1194216 1194265 1194556 1194669 1194845 1194967 1194976 1195004 1195012 1195066 1195081 1195095 1195096 1195126 1195202 1195286 1195326 1195352 1195356 1195378 1195506 1195516 1195543 1195654 1195668 1195701 1195798 1195799 1195823 1195825 1195908 1195928 1195947 1195957 1195995 1196025 1196026 1196036 1196167 1196168 1196169 1196171 1196195 1196235 1196339 1196373 1196400 1196403 1196441 1196494 1196495 1196516 1196584 1196585 1196601 1196612 1196776 1196825 CVE-2018-16301 CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291 CVE-2021-3602 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3927 CVE-2021-3928 CVE-2021-3984 CVE-2021-3995 CVE-2021-3996 CVE-2021-4019 CVE-2021-4024 CVE-2021-41190 CVE-2021-4193 CVE-2021-4209 CVE-2021-46059 CVE-2022-0001 CVE-2022-0002 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0361 CVE-2022-0413 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-23648 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-25375 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220310-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:604-1 Released: Tue Mar 1 07:13:50 2022 Summary: Recommended update for rsyslog Type: recommended Severity: low References: 1194669 This update for rsyslog fixes the following issues: - update config example in remote.conf to match upstream documentation (bsc#1194669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:682-1 Released: Thu Mar 3 11:37:03 2022 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: important References: 1195095,1195096 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: 23018 Released: Fri Mar 4 08:31:54 2022 Summary: Security update for conmon, libcontainers-common, libseccomp, podman Type: security Severity: moderate References: 1176804,1177598,1181640,1182998,1188520,1188914,1193166,1193273,CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602,CVE-2021-4024,CVE-2021-41190 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert '.cirrus.yml: use fresh images for all VMs' * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common at v0.38.16 * vendor containers/buildah at v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common at v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common at v0.38.14 * vendor containers/common at v0.38.13 * [3.2] vendor containers/common at v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common at v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common at v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common at v0.38.7 * [v3.2] vendor containers/common at v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage at v1.31.3 * vendor containers/common at v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:711-1 Released: Fri Mar 4 09:15:11 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:720-1 Released: Fri Mar 4 10:20:28 2022 Summary: Security update for containerd Type: security Severity: moderate References: 1196441,CVE-2022-23648 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:736-1 Released: Fri Mar 4 14:51:57 2022 Summary: Security update for vim Type: security Severity: important References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:760-1 Released: Tue Mar 8 19:06:23 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196373,1196400,1196403,1196516,1196584,1196585,1196601,1196612,1196776,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:771-1 Released: Wed Mar 9 09:27:07 2022 Summary: Recommended update for libseccomp Type: recommended Severity: moderate References: 1196825 This update for libseccomp fixes the following issues: - Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:774-1 Released: Wed Mar 9 10:52:10 2022 Summary: Security update for tcpdump Type: security Severity: moderate References: 1195825,CVE-2018-16301 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:775-1 Released: Wed Mar 9 12:55:03 2022 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1192862 This update for pciutils fixes the following issues: - Report the theoretical speeds for PCIe 5.0 and 6.0 (bsc#1192862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) The following package changes have been done: - containerd-ctr-1.4.12-63.1 updated - containerd-1.4.12-63.1 updated - filesystem-15.0-11.5.1 updated - kernel-default-5.3.18-150300.59.54.1 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.15.1 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libgnutls30-3.6.7-14.16.1 updated - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libmount1-2.36.2-150300.4.14.3 updated - libpci3-3.5.6-150300.13.3.1 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libseccomp2-2.5.3-150300.10.8.1 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - libzypp-17.29.4-31.1 updated - login_defs-4.8.1-150300.4.3.8 updated - pciutils-3.5.6-150300.13.3.1 updated - rsyslog-8.2106.0-4.22.1 updated - shadow-4.8.1-150300.4.3.8 updated - sudo-1.9.5p2-150300.3.3.1 updated - supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 updated - suse-build-key-12.0-8.19.1 updated - tcpdump-4.9.2-3.18.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.36.2-150300.4.14.2 updated - util-linux-2.36.2-150300.4.14.3 updated - vim-data-common-8.0.1568-5.17.1 updated - vim-8.0.1568-5.17.1 updated - zypper-1.14.51-27.1 updated From sle-updates at lists.suse.com Sat Mar 12 07:33:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Mar 2022 08:33:17 +0100 (CET) Subject: SUSE-IU-2022:358-1: Security update of suse-sles-15-sp3-chost-byos-v20220310-hvm-ssd-x86_64 Message-ID: <20220312073317.22365F37A@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220310-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:358-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220310-hvm-ssd-x86_64:20220310 Image Release : Severity : important Type : security References : 1089644 1154353 1157038 1157923 1176447 1176804 1176940 1177598 1178134 1181147 1181588 1181640 1181703 1182998 1183872 1187512 1187716 1188348 1188404 1188507 1188520 1188914 1189126 1190447 1190533 1190570 1190812 1190972 1191580 1191655 1191741 1191893 1192210 1192478 1192481 1192483 1192862 1192954 1193096 1193166 1193233 1193243 1193273 1193294 1193298 1193632 1193787 1194163 1194216 1194265 1194556 1194669 1194845 1194967 1194976 1195004 1195012 1195066 1195081 1195095 1195096 1195126 1195202 1195286 1195326 1195352 1195356 1195378 1195506 1195516 1195543 1195654 1195668 1195701 1195798 1195799 1195823 1195825 1195908 1195928 1195947 1195957 1195995 1196025 1196026 1196036 1196167 1196168 1196169 1196171 1196195 1196235 1196339 1196373 1196400 1196403 1196441 1196494 1196495 1196516 1196584 1196585 1196601 1196612 1196776 1196825 CVE-2018-16301 CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291 CVE-2021-3602 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3927 CVE-2021-3928 CVE-2021-3984 CVE-2021-3995 CVE-2021-3996 CVE-2021-4019 CVE-2021-4024 CVE-2021-41190 CVE-2021-4193 CVE-2021-4209 CVE-2021-46059 CVE-2022-0001 CVE-2022-0002 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0361 CVE-2022-0413 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-23648 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-25375 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220310-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:604-1 Released: Tue Mar 1 07:13:50 2022 Summary: Recommended update for rsyslog Type: recommended Severity: low References: 1194669 This update for rsyslog fixes the following issues: - update config example in remote.conf to match upstream documentation (bsc#1194669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:682-1 Released: Thu Mar 3 11:37:03 2022 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: important References: 1195095,1195096 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: 23018 Released: Fri Mar 4 08:31:54 2022 Summary: Security update for conmon, libcontainers-common, libseccomp, podman Type: security Severity: moderate References: 1176804,1177598,1181640,1182998,1188520,1188914,1193166,1193273,CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602,CVE-2021-4024,CVE-2021-41190 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert '.cirrus.yml: use fresh images for all VMs' * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common at v0.38.16 * vendor containers/buildah at v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common at v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common at v0.38.14 * vendor containers/common at v0.38.13 * [3.2] vendor containers/common at v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common at v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common at v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common at v0.38.7 * [v3.2] vendor containers/common at v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage at v1.31.3 * vendor containers/common at v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:711-1 Released: Fri Mar 4 09:15:11 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:720-1 Released: Fri Mar 4 10:20:28 2022 Summary: Security update for containerd Type: security Severity: moderate References: 1196441,CVE-2022-23648 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:736-1 Released: Fri Mar 4 14:51:57 2022 Summary: Security update for vim Type: security Severity: important References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:760-1 Released: Tue Mar 8 19:06:23 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196373,1196400,1196403,1196516,1196584,1196585,1196601,1196612,1196776,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:771-1 Released: Wed Mar 9 09:27:07 2022 Summary: Recommended update for libseccomp Type: recommended Severity: moderate References: 1196825 This update for libseccomp fixes the following issues: - Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:774-1 Released: Wed Mar 9 10:52:10 2022 Summary: Security update for tcpdump Type: security Severity: moderate References: 1195825,CVE-2018-16301 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:775-1 Released: Wed Mar 9 12:55:03 2022 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1192862 This update for pciutils fixes the following issues: - Report the theoretical speeds for PCIe 5.0 and 6.0 (bsc#1192862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) The following package changes have been done: - containerd-ctr-1.4.12-63.1 updated - containerd-1.4.12-63.1 updated - filesystem-15.0-11.5.1 updated - kernel-default-5.3.18-150300.59.54.1 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.15.1 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libgnutls30-3.6.7-14.16.1 updated - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libmount1-2.36.2-150300.4.14.3 updated - libpci3-3.5.6-150300.13.3.1 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libseccomp2-2.5.3-150300.10.8.1 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - libzypp-17.29.4-31.1 updated - login_defs-4.8.1-150300.4.3.8 updated - pciutils-3.5.6-150300.13.3.1 updated - rsyslog-8.2106.0-4.22.1 updated - shadow-4.8.1-150300.4.3.8 updated - sudo-1.9.5p2-150300.3.3.1 updated - supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 updated - suse-build-key-12.0-8.19.1 updated - tcpdump-4.9.2-3.18.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.36.2-150300.4.14.2 updated - util-linux-2.36.2-150300.4.14.3 updated - vim-data-common-8.0.1568-5.17.1 updated - vim-8.0.1568-5.17.1 updated - zypper-1.14.51-27.1 updated From sle-updates at lists.suse.com Sat Mar 12 07:35:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Mar 2022 08:35:07 +0100 (CET) Subject: SUSE-IU-2022:359-1: Security update of sles-15-sp3-chost-byos-v20220310 Message-ID: <20220312073507.86B3BF37A@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20220310 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:359-1 Image Tags : sles-15-sp3-chost-byos-v20220310:20220310 Image Release : Severity : important Type : security References : 1089644 1154353 1157038 1157923 1176447 1176804 1176940 1177598 1178134 1181147 1181588 1181640 1181703 1182998 1183872 1187512 1187716 1188348 1188404 1188507 1188520 1188914 1189126 1190447 1190533 1190570 1190812 1190972 1191580 1191655 1191741 1191893 1192210 1192478 1192481 1192483 1192862 1192954 1193096 1193166 1193233 1193243 1193273 1193294 1193298 1193632 1193787 1194163 1194216 1194265 1194556 1194669 1194845 1194967 1194976 1195004 1195012 1195066 1195081 1195095 1195096 1195126 1195202 1195286 1195326 1195352 1195356 1195378 1195506 1195516 1195543 1195654 1195668 1195701 1195798 1195799 1195823 1195825 1195908 1195928 1195947 1195957 1195995 1196025 1196026 1196036 1196167 1196168 1196169 1196171 1196195 1196235 1196339 1196373 1196400 1196403 1196441 1196494 1196495 1196516 1196584 1196585 1196601 1196612 1196776 1196825 CVE-2018-16301 CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291 CVE-2021-3602 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3927 CVE-2021-3928 CVE-2021-3984 CVE-2021-3995 CVE-2021-3996 CVE-2021-4019 CVE-2021-4024 CVE-2021-41190 CVE-2021-4193 CVE-2021-4209 CVE-2021-46059 CVE-2022-0001 CVE-2022-0002 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0361 CVE-2022-0413 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-23648 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-25375 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20220310 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:604-1 Released: Tue Mar 1 07:13:50 2022 Summary: Recommended update for rsyslog Type: recommended Severity: low References: 1194669 This update for rsyslog fixes the following issues: - update config example in remote.conf to match upstream documentation (bsc#1194669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:682-1 Released: Thu Mar 3 11:37:03 2022 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: important References: 1195095,1195096 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.6 (bsc#1195095, bsc#1195096) - Include cloud-init logs whenever they are present - Update the packages we track in AWS, Azure, and Google - Include the ecs logs for AWS ECS instances ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: 23018 Released: Fri Mar 4 08:31:54 2022 Summary: Security update for conmon, libcontainers-common, libseccomp, podman Type: security Severity: moderate References: 1176804,1177598,1181640,1182998,1188520,1188914,1193166,1193273,CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602,CVE-2021-4024,CVE-2021-41190 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert '.cirrus.yml: use fresh images for all VMs' * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common at v0.38.16 * vendor containers/buildah at v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common at v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common at v0.38.14 * vendor containers/common at v0.38.13 * [3.2] vendor containers/common at v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common at v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common at v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common at v0.38.7 * [v3.2] vendor containers/common at v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage at v1.31.3 * vendor containers/common at v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:711-1 Released: Fri Mar 4 09:15:11 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:720-1 Released: Fri Mar 4 10:20:28 2022 Summary: Security update for containerd Type: security Severity: moderate References: 1196441,CVE-2022-23648 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:736-1 Released: Fri Mar 4 14:51:57 2022 Summary: Security update for vim Type: security Severity: important References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:760-1 Released: Tue Mar 8 19:06:23 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1089644,1154353,1157038,1157923,1176447,1176940,1178134,1181147,1181588,1183872,1187716,1188404,1189126,1190812,1190972,1191580,1191655,1191741,1192210,1192483,1193096,1193233,1193243,1193787,1194163,1194967,1195012,1195081,1195286,1195352,1195378,1195506,1195516,1195543,1195668,1195701,1195798,1195799,1195823,1195908,1195928,1195947,1195957,1195995,1196195,1196235,1196339,1196373,1196400,1196403,1196516,1196584,1196585,1196601,1196612,1196776,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0516,CVE-2022-0847,CVE-2022-25375 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:771-1 Released: Wed Mar 9 09:27:07 2022 Summary: Recommended update for libseccomp Type: recommended Severity: moderate References: 1196825 This update for libseccomp fixes the following issues: - Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:774-1 Released: Wed Mar 9 10:52:10 2022 Summary: Security update for tcpdump Type: security Severity: moderate References: 1195825,CVE-2018-16301 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:775-1 Released: Wed Mar 9 12:55:03 2022 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1192862 This update for pciutils fixes the following issues: - Report the theoretical speeds for PCIe 5.0 and 6.0 (bsc#1192862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) The following package changes have been done: - containerd-ctr-1.4.12-63.1 updated - containerd-1.4.12-63.1 updated - filesystem-15.0-11.5.1 updated - kernel-default-5.3.18-150300.59.54.1 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.15.1 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libgnutls30-3.6.7-14.16.1 updated - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libmount1-2.36.2-150300.4.14.3 updated - libpci3-3.5.6-150300.13.3.1 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libseccomp2-2.5.3-150300.10.8.1 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - libzypp-17.29.4-31.1 updated - login_defs-4.8.1-150300.4.3.8 updated - pciutils-3.5.6-150300.13.3.1 updated - rsyslog-8.2106.0-4.22.1 updated - shadow-4.8.1-150300.4.3.8 updated - sudo-1.9.5p2-150300.3.3.1 updated - supportutils-plugin-suse-public-cloud-1.0.6-3.9.1 updated - suse-build-key-12.0-8.19.1 updated - tcpdump-4.9.2-3.18.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.36.2-150300.4.14.2 updated - util-linux-2.36.2-150300.4.14.3 updated - vim-data-common-8.0.1568-5.17.1 updated - vim-8.0.1568-5.17.1 updated - zypper-1.14.51-27.1 updated From sle-updates at lists.suse.com Sat Mar 12 08:16:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Mar 2022 09:16:27 +0100 (CET) Subject: SUSE-CU-2022:272-1: Recommended update of suse/sles12sp4 Message-ID: <20220312081627.09749F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:272-1 Container Tags : suse/sles12sp4:26.420 , suse/sles12sp4:latest Container Release : 26.420 Severity : moderate Type : recommended References : 1194845 1196494 1196495 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:785-1 Released: Thu Mar 10 09:53:23 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - Extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc - Added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended expiry of SUSE SLES11 key (bsc#1194845) - Added SUSE Contaner signing key in PEM format for use e.g. by cosign. - SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495) - Removed old security key. The following package changes have been done: - base-container-licenses-3.0-1.271 updated - suse-build-key-12.0-7.15.1 updated From sle-updates at lists.suse.com Mon Mar 14 08:24:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 09:24:55 +0100 (CET) Subject: SUSE-CU-2022:273-1: Recommended update of suse/sle15 Message-ID: <20220314082455.C2CF7F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:273-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.521 Container Release : 4.22.521 Severity : moderate Type : recommended References : 1194845 1196494 1196495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) The following package changes have been done: - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - suse-build-key-12.0-8.19.1 updated From sle-updates at lists.suse.com Mon Mar 14 08:25:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 09:25:12 +0100 (CET) Subject: SUSE-CU-2022:274-1: Recommended update of suse/sle15 Message-ID: <20220314082512.17AF8F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:274-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.522 Container Release : 4.22.522 Severity : moderate Type : recommended References : 1195468 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) The following package changes have been done: - libprocps7-3.3.15-7.22.1 updated - procps-3.3.15-7.22.1 updated From sle-updates at lists.suse.com Mon Mar 14 14:18:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 15:18:55 +0100 (CET) Subject: SUSE-SU-2022:0815-1: moderate: Security update for flac Message-ID: <20220314141855.40C1BF37A@maintenance.suse.de> SUSE Security Update: Security update for flac ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0815-1 Rating: moderate References: #1196660 Cross-References: CVE-2021-0561 CVSS scores: CVE-2021-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for flac fixes the following issues: - CVE-2021-0561: Fixed out of bound write in append_to_verify_fifo_interleaved_ (bsc#1196660). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-815=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-815=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-815=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): flac-debuginfo-1.3.2-3.9.1 flac-debugsource-1.3.2-3.9.1 flac-devel-1.3.2-3.9.1 libFLAC++6-1.3.2-3.9.1 libFLAC++6-debuginfo-1.3.2-3.9.1 libFLAC8-1.3.2-3.9.1 libFLAC8-debuginfo-1.3.2-3.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): flac-1.3.2-3.9.1 flac-debuginfo-1.3.2-3.9.1 flac-debugsource-1.3.2-3.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libFLAC8-32bit-1.3.2-3.9.1 libFLAC8-32bit-debuginfo-1.3.2-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): flac-debuginfo-1.3.2-3.9.1 flac-debugsource-1.3.2-3.9.1 flac-devel-1.3.2-3.9.1 libFLAC++6-1.3.2-3.9.1 libFLAC++6-debuginfo-1.3.2-3.9.1 libFLAC8-1.3.2-3.9.1 libFLAC8-debuginfo-1.3.2-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-0561.html https://bugzilla.suse.com/1196660 From sle-updates at lists.suse.com Mon Mar 14 14:21:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 15:21:07 +0100 (CET) Subject: SUSE-RU-2022:0812-1: moderate: Recommended update for crmsh Message-ID: <20220314142107.580ACF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0812-1 Rating: moderate References: #1188290 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fix parser to still be able to show an empty property if it already exists (bsc#1188290) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-812=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-812=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.1+git.1646015979.1be4546d-2.71.1 crmsh-scripts-4.1.1+git.1646015979.1be4546d-2.71.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.1+git.1646015979.1be4546d-2.71.1 crmsh-scripts-4.1.1+git.1646015979.1be4546d-2.71.1 References: https://bugzilla.suse.com/1188290 From sle-updates at lists.suse.com Mon Mar 14 14:25:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 15:25:44 +0100 (CET) Subject: SUSE-SU-2022:0814-1: moderate: Security update for flac Message-ID: <20220314142544.34C2BF37A@maintenance.suse.de> SUSE Security Update: Security update for flac ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0814-1 Rating: moderate References: #1196660 Cross-References: CVE-2021-0561 CVSS scores: CVE-2021-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for flac fixes the following issues: - CVE-2021-0561: Fixed out of bound write in append_to_verify_fifo_interleaved_ (bsc#1196660). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-814=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-814=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-814=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): flac-debugsource-1.3.0-18.5.1 libFLAC++6-32bit-1.3.0-18.5.1 libFLAC++6-debuginfo-32bit-1.3.0-18.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): flac-debuginfo-1.3.0-18.5.1 flac-debugsource-1.3.0-18.5.1 flac-devel-1.3.0-18.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): flac-debuginfo-1.3.0-18.5.1 flac-debugsource-1.3.0-18.5.1 libFLAC++6-1.3.0-18.5.1 libFLAC++6-debuginfo-1.3.0-18.5.1 libFLAC8-1.3.0-18.5.1 libFLAC8-debuginfo-1.3.0-18.5.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libFLAC8-32bit-1.3.0-18.5.1 libFLAC8-debuginfo-32bit-1.3.0-18.5.1 References: https://www.suse.com/security/cve/CVE-2021-0561.html https://bugzilla.suse.com/1196660 From sle-updates at lists.suse.com Mon Mar 14 14:26:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 15:26:56 +0100 (CET) Subject: SUSE-SU-2022:0817-1: moderate: Security update for xstream Message-ID: <20220314142656.B4E9BF37A@maintenance.suse.de> SUSE Security Update: Security update for xstream ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0817-1 Rating: moderate References: #1195458 Cross-References: CVE-2021-43859 CVSS scores: CVE-2021-43859 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-43859 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xstream fixes the following issues: - CVE-2021-43859: Fixed a denial of service when unmarshalling highly recursive collections or maps (bsc#1195458). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-817=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-817=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-817=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-817=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): xstream-1.4.19-3.18.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): xstream-1.4.19-3.18.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): xstream-1.4.19-3.18.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): xstream-1.4.19-3.18.2 References: https://www.suse.com/security/cve/CVE-2021-43859.html https://bugzilla.suse.com/1195458 From sle-updates at lists.suse.com Mon Mar 14 14:28:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 15:28:16 +0100 (CET) Subject: SUSE-SU-2022:0819-1: important: Security update for MozillaFirefox Message-ID: <20220314142816.BBE4FF37A@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0819-1 Rating: important References: #1196900 Cross-References: CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-819=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-819=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-819=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-819=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-819=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-819=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-819=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-819=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-819=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-819=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.7.0-150.24.1 MozillaFirefox-debuginfo-91.7.0-150.24.1 MozillaFirefox-debugsource-91.7.0-150.24.1 MozillaFirefox-devel-91.7.0-150.24.1 MozillaFirefox-translations-common-91.7.0-150.24.1 MozillaFirefox-translations-other-91.7.0-150.24.1 References: https://www.suse.com/security/cve/CVE-2022-26381.html https://www.suse.com/security/cve/CVE-2022-26383.html https://www.suse.com/security/cve/CVE-2022-26384.html https://www.suse.com/security/cve/CVE-2022-26386.html https://www.suse.com/security/cve/CVE-2022-26387.html https://bugzilla.suse.com/1196900 From sle-updates at lists.suse.com Mon Mar 14 14:29:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 15:29:41 +0100 (CET) Subject: SUSE-SU-2022:0816-1: moderate: Security update for java-11-openjdk Message-ID: <20220314142941.77BABF37A@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0816-1 Rating: moderate References: #1194925 #1194926 #1194927 #1194928 #1194929 #1194930 #1194931 #1194932 #1194933 #1194934 #1194935 #1194937 #1194939 #1194940 #1194941 Cross-References: CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 CVSS scores: CVE-2022-21248 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21248 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21277 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21277 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21282 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21282 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21283 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21283 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21291 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21291 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21293 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21293 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21294 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21294 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21296 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21299 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21305 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21305 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21340 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21340 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21341 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21341 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21360 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21360 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21365 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21365 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21366 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21366 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: - CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream. (bnc#1194926) - CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor. (bnc#1194930) - CVE-2022-21282: Fixed Insufficient URI checks in the XSLT TransformerImpl. (bnc#1194933) - CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern. (bnc#1194937) - CVE-2022-21291: Fixed Incorrect marking of writeable fields. (bnc#1194925) - CVE-2022-21293: Fixed Incomplete checks of StringBuffer and StringBuilder during deserialization. (bnc#1194935) - CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during deserialization. (bnc#1194934) - CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager. (bnc#1194932) - CVE-2022-21299: Fixed Infinite loop related to incorrect handling of newlines in XMLEntityScanner. (bnc#1194931) - CVE-2022-21305: Fixed Array indexing issues in LIRGenerator. (bnc#1194939) - CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest attributes. (bnc#1194940) - CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream. (bnc#1194941) - CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader. (bnc#1194929) - CVE-2022-21365: Fixed Integer overflow in BMPImageReader. (bnc#1194928) - CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor. (bnc#1194927) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-816=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-816=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-816=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): java-11-openjdk-11.0.14.0-3.74.2 java-11-openjdk-debugsource-11.0.14.0-3.74.2 java-11-openjdk-demo-11.0.14.0-3.74.2 java-11-openjdk-devel-11.0.14.0-3.74.2 java-11-openjdk-headless-11.0.14.0-3.74.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.14.0-3.74.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.14.0-3.74.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.14.0-3.74.2 java-11-openjdk-debugsource-11.0.14.0-3.74.2 java-11-openjdk-demo-11.0.14.0-3.74.2 java-11-openjdk-devel-11.0.14.0-3.74.2 java-11-openjdk-headless-11.0.14.0-3.74.2 References: https://www.suse.com/security/cve/CVE-2022-21248.html https://www.suse.com/security/cve/CVE-2022-21277.html https://www.suse.com/security/cve/CVE-2022-21282.html https://www.suse.com/security/cve/CVE-2022-21283.html https://www.suse.com/security/cve/CVE-2022-21291.html https://www.suse.com/security/cve/CVE-2022-21293.html https://www.suse.com/security/cve/CVE-2022-21294.html https://www.suse.com/security/cve/CVE-2022-21296.html https://www.suse.com/security/cve/CVE-2022-21299.html https://www.suse.com/security/cve/CVE-2022-21305.html https://www.suse.com/security/cve/CVE-2022-21340.html https://www.suse.com/security/cve/CVE-2022-21341.html https://www.suse.com/security/cve/CVE-2022-21360.html https://www.suse.com/security/cve/CVE-2022-21365.html https://www.suse.com/security/cve/CVE-2022-21366.html https://bugzilla.suse.com/1194925 https://bugzilla.suse.com/1194926 https://bugzilla.suse.com/1194927 https://bugzilla.suse.com/1194928 https://bugzilla.suse.com/1194929 https://bugzilla.suse.com/1194930 https://bugzilla.suse.com/1194931 https://bugzilla.suse.com/1194932 https://bugzilla.suse.com/1194933 https://bugzilla.suse.com/1194934 https://bugzilla.suse.com/1194935 https://bugzilla.suse.com/1194937 https://bugzilla.suse.com/1194939 https://bugzilla.suse.com/1194940 https://bugzilla.suse.com/1194941 From sle-updates at lists.suse.com Mon Mar 14 14:34:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 15:34:33 +0100 (CET) Subject: SUSE-SU-2022:0818-1: important: Security update for tomcat Message-ID: <20220314143433.46E55F37A@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0818-1 Rating: important References: #1195255 #1196137 Cross-References: CVE-2022-23181 CVSS scores: CVE-2022-23181 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23181 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for tomcat fixes the following issues: Security issues fixed: - CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255) - Remove log4j (bsc#1196137) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-818=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-818=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-818=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-818=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-818=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-818=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-818=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-818=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-818=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-818=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-818=1 Package List: - SUSE Manager Server 4.1 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Manager Retail Branch Server 4.1 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Manager Proxy 4.1 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 - SUSE Enterprise Storage 7 (noarch): tomcat-9.0.36-19.1 tomcat-admin-webapps-9.0.36-19.1 tomcat-el-3_0-api-9.0.36-19.1 tomcat-jsp-2_3-api-9.0.36-19.1 tomcat-lib-9.0.36-19.1 tomcat-servlet-4_0-api-9.0.36-19.1 tomcat-webapps-9.0.36-19.1 References: https://www.suse.com/security/cve/CVE-2022-23181.html https://bugzilla.suse.com/1195255 https://bugzilla.suse.com/1196137 From sle-updates at lists.suse.com Mon Mar 14 17:19:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 18:19:24 +0100 (CET) Subject: SUSE-SU-2022:0825-1: important: Security update for SDL2 Message-ID: <20220314171924.DE7B6F37A@maintenance.suse.de> SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0825-1 Rating: important References: #1181201 #1181202 Cross-References: CVE-2020-14409 CVE-2020-14410 CVSS scores: CVE-2020-14409 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-14409 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14410 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2020-14410 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for SDL2 fixes the following issues: - CVE-2020-14409, CVE-2020-14410: Fixed overflow in surface pitch calculation (bsc#1181201, bsc#1181202). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-825=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-825=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-825=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-825=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-825=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-825=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-825=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-825=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-825=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-825=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 - SUSE CaaS Platform 4.0 (x86_64): SDL2-debugsource-2.0.8-3.18.1 libSDL2-2_0-0-2.0.8-3.18.1 libSDL2-2_0-0-debuginfo-2.0.8-3.18.1 libSDL2-devel-2.0.8-3.18.1 References: https://www.suse.com/security/cve/CVE-2020-14409.html https://www.suse.com/security/cve/CVE-2020-14410.html https://bugzilla.suse.com/1181201 https://bugzilla.suse.com/1181202 From sle-updates at lists.suse.com Mon Mar 14 17:20:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 18:20:42 +0100 (CET) Subject: SUSE-SU-2022:14908-1: important: Security update for squid Message-ID: <20220314172042.09818F37B@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14908-1 Rating: important References: #1156329 #1175664 Cross-References: CVE-2019-12523 CVE-2019-18676 CVE-2020-15810 CVSS scores: CVE-2019-12523 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2019-12523 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2019-18676 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-18676 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-15810 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2020-15810 (SUSE): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for squid fixes the following issues: - CVE-2020-15810: Fixed a HTTP Request Smuggling that could have resulted in cache poisoning (bsc#1175664). - CVE-2019-12523: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). - CVE-2019-18676: Disabled urn parsing and parsing of unknown schemes (bsc#1156329). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-squid-14908=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-squid-14908=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid-14908=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-squid-14908=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): squid-2.7.STABLE5-2.12.30.6.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): squid-2.7.STABLE5-2.12.30.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): squid-debuginfo-2.7.STABLE5-2.12.30.6.1 squid-debugsource-2.7.STABLE5-2.12.30.6.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): squid-debuginfo-2.7.STABLE5-2.12.30.6.1 squid-debugsource-2.7.STABLE5-2.12.30.6.1 References: https://www.suse.com/security/cve/CVE-2019-12523.html https://www.suse.com/security/cve/CVE-2019-18676.html https://www.suse.com/security/cve/CVE-2020-15810.html https://bugzilla.suse.com/1156329 https://bugzilla.suse.com/1175664 From sle-updates at lists.suse.com Mon Mar 14 17:21:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 18:21:59 +0100 (CET) Subject: SUSE-SU-2022:0826-1: important: Security update for sssd Message-ID: <20220314172159.8E0F3F37B@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0826-1 Rating: important References: #1182637 #1189492 #1190775 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3621 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for sssd fixes the following issues: Security issues fixed: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). Non-security issues fixed: - Create timestamp attribute in cache objects if missing. (bsc#1182637) - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte (bsc#1190775). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-826=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-826=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-826=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-826=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-826=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-826=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-826=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-826=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-826=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-826=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 sssd-winbind-idmap-1.16.1-8.64.1 sssd-winbind-idmap-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 sssd-winbind-idmap-1.16.1-8.64.1 sssd-winbind-idmap-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 sssd-winbind-idmap-1.16.1-8.64.1 sssd-winbind-idmap-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 sssd-winbind-idmap-1.16.1-8.64.1 sssd-winbind-idmap-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 sssd-winbind-idmap-1.16.1-8.64.1 sssd-winbind-idmap-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 sssd-winbind-idmap-1.16.1-8.64.1 sssd-winbind-idmap-debuginfo-1.16.1-8.64.1 - SUSE Enterprise Storage 6 (x86_64): sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 - SUSE CaaS Platform 4.0 (x86_64): libipa_hbac-devel-1.16.1-8.64.1 libipa_hbac0-1.16.1-8.64.1 libipa_hbac0-debuginfo-1.16.1-8.64.1 libsss_certmap-devel-1.16.1-8.64.1 libsss_certmap0-1.16.1-8.64.1 libsss_certmap0-debuginfo-1.16.1-8.64.1 libsss_idmap-devel-1.16.1-8.64.1 libsss_idmap0-1.16.1-8.64.1 libsss_idmap0-debuginfo-1.16.1-8.64.1 libsss_nss_idmap-devel-1.16.1-8.64.1 libsss_nss_idmap0-1.16.1-8.64.1 libsss_nss_idmap0-debuginfo-1.16.1-8.64.1 libsss_simpleifp-devel-1.16.1-8.64.1 libsss_simpleifp0-1.16.1-8.64.1 libsss_simpleifp0-debuginfo-1.16.1-8.64.1 python3-sssd-config-1.16.1-8.64.1 python3-sssd-config-debuginfo-1.16.1-8.64.1 sssd-1.16.1-8.64.1 sssd-32bit-1.16.1-8.64.1 sssd-32bit-debuginfo-1.16.1-8.64.1 sssd-ad-1.16.1-8.64.1 sssd-ad-debuginfo-1.16.1-8.64.1 sssd-dbus-1.16.1-8.64.1 sssd-dbus-debuginfo-1.16.1-8.64.1 sssd-debuginfo-1.16.1-8.64.1 sssd-debugsource-1.16.1-8.64.1 sssd-ipa-1.16.1-8.64.1 sssd-ipa-debuginfo-1.16.1-8.64.1 sssd-krb5-1.16.1-8.64.1 sssd-krb5-common-1.16.1-8.64.1 sssd-krb5-common-debuginfo-1.16.1-8.64.1 sssd-krb5-debuginfo-1.16.1-8.64.1 sssd-ldap-1.16.1-8.64.1 sssd-ldap-debuginfo-1.16.1-8.64.1 sssd-proxy-1.16.1-8.64.1 sssd-proxy-debuginfo-1.16.1-8.64.1 sssd-tools-1.16.1-8.64.1 sssd-tools-debuginfo-1.16.1-8.64.1 sssd-wbclient-1.16.1-8.64.1 sssd-wbclient-debuginfo-1.16.1-8.64.1 sssd-wbclient-devel-1.16.1-8.64.1 sssd-winbind-idmap-1.16.1-8.64.1 sssd-winbind-idmap-debuginfo-1.16.1-8.64.1 References: https://www.suse.com/security/cve/CVE-2021-3621.html https://bugzilla.suse.com/1182637 https://bugzilla.suse.com/1189492 https://bugzilla.suse.com/1190775 From sle-updates at lists.suse.com Mon Mar 14 17:23:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 18:23:26 +0100 (CET) Subject: SUSE-SU-2022:0820-1: important: Security update for libcaca Message-ID: <20220314172326.85615F37B@maintenance.suse.de> SUSE Security Update: Security update for libcaca ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0820-1 Rating: important References: #1184751 #1184752 Cross-References: CVE-2021-30498 CVE-2021-30499 CVSS scores: CVE-2021-30498 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30498 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30499 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30499 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-820=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-820=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-820=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-820=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-820=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-820=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-820=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-820=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-820=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-820=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-820=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-820=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-820=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE OpenStack Cloud 9 (x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE OpenStack Cloud 8 (x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca-devel-0.99.beta18-14.6.1 libcaca0-plugins-0.99.beta18-14.6.1 libcaca0-plugins-debuginfo-0.99.beta18-14.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 - HPE Helion Openstack 8 (x86_64): libcaca-debugsource-0.99.beta18-14.6.1 libcaca0-0.99.beta18-14.6.1 libcaca0-debuginfo-0.99.beta18-14.6.1 References: https://www.suse.com/security/cve/CVE-2021-30498.html https://www.suse.com/security/cve/CVE-2021-30499.html https://bugzilla.suse.com/1184751 https://bugzilla.suse.com/1184752 From sle-updates at lists.suse.com Mon Mar 14 17:24:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 18:24:51 +0100 (CET) Subject: SUSE-SU-2022:0821-1: important: Security update for MozillaFirefox Message-ID: <20220314172451.5E3C5F37B@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0821-1 Rating: important References: #1196900 Cross-References: CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-821=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-821=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-821=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-821=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-821=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-821=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-821=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-821=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-821=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-821=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-821=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-821=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.7.0-152.22.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.7.0-152.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.7.0-152.22.1 MozillaFirefox-debuginfo-91.7.0-152.22.1 MozillaFirefox-debugsource-91.7.0-152.22.1 MozillaFirefox-devel-91.7.0-152.22.1 MozillaFirefox-translations-common-91.7.0-152.22.1 MozillaFirefox-translations-other-91.7.0-152.22.1 References: https://www.suse.com/security/cve/CVE-2022-26381.html https://www.suse.com/security/cve/CVE-2022-26383.html https://www.suse.com/security/cve/CVE-2022-26384.html https://www.suse.com/security/cve/CVE-2022-26386.html https://www.suse.com/security/cve/CVE-2022-26387.html https://bugzilla.suse.com/1196900 From sle-updates at lists.suse.com Mon Mar 14 17:27:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 18:27:22 +0100 (CET) Subject: SUSE-SU-2022:0822-1: important: Security update for MozillaFirefox Message-ID: <20220314172722.32C7CF37B@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0822-1 Rating: important References: #1196900 Cross-References: CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-822=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-822=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-822=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-822=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-822=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-822=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-822=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-822=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-822=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-822=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-822=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-822=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-822=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.7.0-112.95.1 MozillaFirefox-debuginfo-91.7.0-112.95.1 MozillaFirefox-debugsource-91.7.0-112.95.1 MozillaFirefox-devel-91.7.0-112.95.1 MozillaFirefox-translations-common-91.7.0-112.95.1 References: https://www.suse.com/security/cve/CVE-2022-26381.html https://www.suse.com/security/cve/CVE-2022-26383.html https://www.suse.com/security/cve/CVE-2022-26384.html https://www.suse.com/security/cve/CVE-2022-26386.html https://www.suse.com/security/cve/CVE-2022-26387.html https://bugzilla.suse.com/1196900 From sle-updates at lists.suse.com Mon Mar 14 20:18:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 21:18:16 +0100 (CET) Subject: SUSE-SU-2022:0828-1: moderate: Security update for glib2 Message-ID: <20220314201816.7DDECF37B@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0828-1 Rating: moderate References: #1191489 Cross-References: CVE-2021-3800 CVSS scores: CVE-2021-3800 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glib2 fixes the following issues: - CVE-2021-3800: Fixed a file content leak in pkexec due to charset aliases (bsc#1191489). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-828=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-828=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-828=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): glib2-debugsource-2.48.2-12.25.1 libgio-fam-2.48.2-12.25.1 libgio-fam-debuginfo-2.48.2-12.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.25.1 glib2-devel-2.48.2-12.25.1 glib2-devel-debuginfo-2.48.2-12.25.1 glib2-devel-static-2.48.2-12.25.1 libgio-fam-2.48.2-12.25.1 libgio-fam-debuginfo-2.48.2-12.25.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.48.2-12.25.1 glib2-tools-2.48.2-12.25.1 glib2-tools-debuginfo-2.48.2-12.25.1 libgio-2_0-0-2.48.2-12.25.1 libgio-2_0-0-debuginfo-2.48.2-12.25.1 libglib-2_0-0-2.48.2-12.25.1 libglib-2_0-0-debuginfo-2.48.2-12.25.1 libgmodule-2_0-0-2.48.2-12.25.1 libgmodule-2_0-0-debuginfo-2.48.2-12.25.1 libgobject-2_0-0-2.48.2-12.25.1 libgobject-2_0-0-debuginfo-2.48.2-12.25.1 libgthread-2_0-0-2.48.2-12.25.1 libgthread-2_0-0-debuginfo-2.48.2-12.25.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgio-2_0-0-32bit-2.48.2-12.25.1 libgio-2_0-0-debuginfo-32bit-2.48.2-12.25.1 libglib-2_0-0-32bit-2.48.2-12.25.1 libglib-2_0-0-debuginfo-32bit-2.48.2-12.25.1 libgmodule-2_0-0-32bit-2.48.2-12.25.1 libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.25.1 libgobject-2_0-0-32bit-2.48.2-12.25.1 libgobject-2_0-0-debuginfo-32bit-2.48.2-12.25.1 libgthread-2_0-0-32bit-2.48.2-12.25.1 libgthread-2_0-0-debuginfo-32bit-2.48.2-12.25.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): glib2-lang-2.48.2-12.25.1 References: https://www.suse.com/security/cve/CVE-2021-3800.html https://bugzilla.suse.com/1191489 From sle-updates at lists.suse.com Mon Mar 14 20:19:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 21:19:23 +0100 (CET) Subject: SUSE-SU-2022:14910-1: important: Security update for zsh Message-ID: <20220314201923.802A8F37B@maintenance.suse.de> SUSE Security Update: Security update for zsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14910-1 Rating: important References: #1082885 #1082975 #1082977 #1082991 #1082998 #1083002 #1083250 #1084656 #1087026 #1107294 #1107296 #1163882 Cross-References: CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-13259 CVE-2018-7549 CVE-2019-20044 CVSS scores: CVE-2014-10070 (SUSE): 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2014-10071 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2014-10071 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2014-10072 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2016-10714 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-10714 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-18205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-18205 (SUSE): 2.5 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-18206 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-18206 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-0502 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-0502 (SUSE): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2018-1071 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-1071 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2018-1083 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-1083 (SUSE): 7.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2018-13259 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-13259 (SUSE): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2018-7549 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-7549 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-20044 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-20044 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294). - CVE-2018-7549: Fixed a crash when an empty hash table (bsc#1082991). - CVE-2018-1083: Fixed a stack-based buffer overflow when using tab completion on directories with long names (bsc#1087026). - CVE-2018-1071: Fixed a stack-based buffer overflow when executing certain commands (bsc#1084656). - CVE-2018-0502: Fixed a mishandling of shebang lines (bsc#1107296). - CVE-2017-18206: Fixed a buffer overflow related to symlink processing (bsc#1083002). - CVE-2017-18205: Fixed an application crash when using cd with no arguments (bsc#1082998). - CVE-2016-10714: Fixed a potential application crash when handling maximum length paths (bsc#1083250). - CVE-2014-10072: Fixed a buffer overflow when scanning very long directory paths for symbolic links (bsc#1082975). - CVE-2014-10071: Fixed a buffer overflow when redirecting output to a long file descriptor (bsc#1082977). - CVE-2014-10070: Fixed a privilege escalation vulnerability via environment variables (bsc#1082885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-zsh-14910=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-zsh-14910=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-zsh-14910=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-zsh-14910=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): zsh-4.3.6-67.9.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): zsh-4.3.6-67.9.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): zsh-debuginfo-4.3.6-67.9.8.1 zsh-debugsource-4.3.6-67.9.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): zsh-debuginfo-4.3.6-67.9.8.1 zsh-debugsource-4.3.6-67.9.8.1 References: https://www.suse.com/security/cve/CVE-2014-10070.html https://www.suse.com/security/cve/CVE-2014-10071.html https://www.suse.com/security/cve/CVE-2014-10072.html https://www.suse.com/security/cve/CVE-2016-10714.html https://www.suse.com/security/cve/CVE-2017-18205.html https://www.suse.com/security/cve/CVE-2017-18206.html https://www.suse.com/security/cve/CVE-2018-0502.html https://www.suse.com/security/cve/CVE-2018-1071.html https://www.suse.com/security/cve/CVE-2018-1083.html https://www.suse.com/security/cve/CVE-2018-13259.html https://www.suse.com/security/cve/CVE-2018-7549.html https://www.suse.com/security/cve/CVE-2019-20044.html https://bugzilla.suse.com/1082885 https://bugzilla.suse.com/1082975 https://bugzilla.suse.com/1082977 https://bugzilla.suse.com/1082991 https://bugzilla.suse.com/1082998 https://bugzilla.suse.com/1083002 https://bugzilla.suse.com/1083250 https://bugzilla.suse.com/1084656 https://bugzilla.suse.com/1087026 https://bugzilla.suse.com/1107294 https://bugzilla.suse.com/1107296 https://bugzilla.suse.com/1163882 From sle-updates at lists.suse.com Mon Mar 14 20:21:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 21:21:43 +0100 (CET) Subject: SUSE-SU-2022:0832-1: important: Security update for glibc Message-ID: <20220314202143.C190DF37B@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0832-1 Rating: important References: #1193625 #1194640 #1194768 #1194770 #1195560 Cross-References: CVE-2015-8985 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 CVSS scores: CVE-2015-8985 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2015-8985 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3999 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23218 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-23219 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for "unix" (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-832=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-832=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-832=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-832=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-832=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-832=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-832=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-832=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-832=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-832=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-832=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-832=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-832=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-832=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-832=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-832=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-832=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-832=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-832=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-832=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-832=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Manager Server 4.1 (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Manager Server 4.1 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Manager Retail Branch Server 4.1 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): glibc-2.26-13.65.1 glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Manager Proxy 4.1 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Manager Proxy 4.1 (x86_64): glibc-2.26-13.65.1 glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): glibc-2.26-13.65.1 glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): glibc-2.26-13.65.1 glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): glibc-2.26-13.65.1 glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Enterprise Storage 7 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Enterprise Storage 7 (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): glibc-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 - SUSE Enterprise Storage 6 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE Enterprise Storage 6 (x86_64): glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 - SUSE CaaS Platform 4.0 (noarch): glibc-i18ndata-2.26-13.65.1 glibc-info-2.26-13.65.1 - SUSE CaaS Platform 4.0 (x86_64): glibc-2.26-13.65.1 glibc-32bit-2.26-13.65.1 glibc-32bit-debuginfo-2.26-13.65.1 glibc-debuginfo-2.26-13.65.1 glibc-debugsource-2.26-13.65.1 glibc-devel-2.26-13.65.1 glibc-devel-32bit-2.26-13.65.1 glibc-devel-32bit-debuginfo-2.26-13.65.1 glibc-devel-debuginfo-2.26-13.65.1 glibc-devel-static-2.26-13.65.1 glibc-extra-2.26-13.65.1 glibc-extra-debuginfo-2.26-13.65.1 glibc-locale-2.26-13.65.1 glibc-locale-base-2.26-13.65.1 glibc-locale-base-32bit-2.26-13.65.1 glibc-locale-base-32bit-debuginfo-2.26-13.65.1 glibc-locale-base-debuginfo-2.26-13.65.1 glibc-profile-2.26-13.65.1 glibc-utils-2.26-13.65.1 glibc-utils-debuginfo-2.26-13.65.1 glibc-utils-src-debugsource-2.26-13.65.1 nscd-2.26-13.65.1 nscd-debuginfo-2.26-13.65.1 References: https://www.suse.com/security/cve/CVE-2015-8985.html https://www.suse.com/security/cve/CVE-2021-3999.html https://www.suse.com/security/cve/CVE-2022-23218.html https://www.suse.com/security/cve/CVE-2022-23219.html https://bugzilla.suse.com/1193625 https://bugzilla.suse.com/1194640 https://bugzilla.suse.com/1194768 https://bugzilla.suse.com/1194770 https://bugzilla.suse.com/1195560 From sle-updates at lists.suse.com Mon Mar 14 20:23:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 21:23:27 +0100 (CET) Subject: SUSE-RU-2022:0827-1: moderate: Recommended update for trento-premium Message-ID: <20220314202327.E8550F37B@maintenance.suse.de> SUSE Recommended Update: Recommended update for trento-premium ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0827-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for trento-premium fixes the following issues: Release 0.9.1 Fixed: - Add /usr/sbin to the PATH for the execution [\#858](https://github.com/trento-project/trento/pull/858) (@arbulu89) - Associate attached database properly when the database name is resolved [\#854](https://github.com/trento-project/trento/pull/854) (@arbulu89) - Exclude diagnostics service sap systems [\#849](https://github.com/trento-project/trento/pull/849) (@arbulu89) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-827=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-827=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-827=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): trento-premium-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 trento-premium-server-installer-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): trento-premium-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 trento-premium-server-installer-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): trento-premium-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 trento-premium-server-installer-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 References: From sle-updates at lists.suse.com Mon Mar 14 20:24:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Mar 2022 21:24:29 +0100 (CET) Subject: SUSE-SU-2022:14909-1: important: Security update for libcaca Message-ID: <20220314202429.4B813F37B@maintenance.suse.de> SUSE Security Update: Security update for libcaca ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14909-1 Rating: important References: #1184751 #1184752 Cross-References: CVE-2021-30498 CVE-2021-30499 CVSS scores: CVE-2021-30498 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30498 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30499 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30499 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libcaca fixes the following issues: - CVE-2021-30499: Fixed a memory corruption issue when exporting troff sources (bsc#1184751). - CVE-2021-30498: Fixed a memory corruption issue when exporting TGA images (bsc#1184752). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libcaca-14909=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libcaca-14909=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libcaca-14909=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libcaca-14909=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libcaca-0.99.beta13b-49.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libcaca-0.99.beta13b-49.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libcaca-debuginfo-0.99.beta13b-49.3.1 libcaca-debugsource-0.99.beta13b-49.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libcaca-debuginfo-0.99.beta13b-49.3.1 libcaca-debugsource-0.99.beta13b-49.3.1 References: https://www.suse.com/security/cve/CVE-2021-30498.html https://www.suse.com/security/cve/CVE-2021-30499.html https://bugzilla.suse.com/1184751 https://bugzilla.suse.com/1184752 From sle-updates at lists.suse.com Mon Mar 14 23:17:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 00:17:43 +0100 (CET) Subject: SUSE-RU-2022:0834-1: moderate: Recommended update for gnome-shell Message-ID: <20220314231743.79A16F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0834-1 Rating: moderate References: #1190745 #1196708 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gnome-shell fixes the following issues: - Show message "Multiple logins are not supported" when mixed locally/remotely login. (bsc#1190745) - Fix the failed login when remotely login. (bsc#1196708) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-834=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): gnome-shell-3.34.5-3.28.1 gnome-shell-debuginfo-3.34.5-3.28.1 gnome-shell-debugsource-3.34.5-3.28.1 gnome-shell-devel-3.34.5-3.28.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): gnome-shell-lang-3.34.5-3.28.1 References: https://bugzilla.suse.com/1190745 https://bugzilla.suse.com/1196708 From sle-updates at lists.suse.com Mon Mar 14 23:18:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 00:18:49 +0100 (CET) Subject: SUSE-RU-2022:0833-1: moderate: Recommended update for open-iscsi Message-ID: <20220314231849.CC6D2F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0833-1 Rating: moderate References: #1195656 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issue: - Update to latest upstream, including test cleanup, minor bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-833=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-833=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-833=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.6-150300.32.15.1 iscsiuio-debuginfo-0.7.8.6-150300.32.15.1 libopeniscsiusr0_2_0-2.1.6-150300.32.15.1 libopeniscsiusr0_2_0-debuginfo-2.1.6-150300.32.15.1 open-iscsi-2.1.6-150300.32.15.1 open-iscsi-debuginfo-2.1.6-150300.32.15.1 open-iscsi-debugsource-2.1.6-150300.32.15.1 open-iscsi-devel-2.1.6-150300.32.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.6-150300.32.15.1 iscsiuio-debuginfo-0.7.8.6-150300.32.15.1 libopeniscsiusr0_2_0-2.1.6-150300.32.15.1 libopeniscsiusr0_2_0-debuginfo-2.1.6-150300.32.15.1 open-iscsi-2.1.6-150300.32.15.1 open-iscsi-debuginfo-2.1.6-150300.32.15.1 open-iscsi-debugsource-2.1.6-150300.32.15.1 open-iscsi-devel-2.1.6-150300.32.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): iscsiuio-0.7.8.6-150300.32.15.1 iscsiuio-debuginfo-0.7.8.6-150300.32.15.1 libopeniscsiusr0_2_0-2.1.6-150300.32.15.1 libopeniscsiusr0_2_0-debuginfo-2.1.6-150300.32.15.1 open-iscsi-2.1.6-150300.32.15.1 open-iscsi-debuginfo-2.1.6-150300.32.15.1 open-iscsi-debugsource-2.1.6-150300.32.15.1 References: https://bugzilla.suse.com/1195656 From sle-updates at lists.suse.com Tue Mar 15 08:05:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 09:05:58 +0100 (CET) Subject: SUSE-CU-2022:275-1: Recommended update of suse/sles12sp5 Message-ID: <20220315080558.976D9F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:275-1 Container Tags : suse/sles12sp5:6.5.300 , suse/sles12sp5:latest Container Release : 6.5.300 Severity : moderate Type : recommended References : 1194845 1196494 1196495 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:785-1 Released: Thu Mar 10 09:53:23 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - Extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc - Added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended expiry of SUSE SLES11 key (bsc#1194845) - Added SUSE Contaner signing key in PEM format for use e.g. by cosign. - SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495) - Removed old security key. The following package changes have been done: - suse-build-key-12.0-7.15.1 updated From sle-updates at lists.suse.com Tue Mar 15 08:37:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 09:37:04 +0100 (CET) Subject: SUSE-CU-2022:276-1: Security update of suse/sle15 Message-ID: <20220315083704.AC1C1F37B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:276-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.524 Container Release : 4.22.524 Severity : important Type : security References : 1193625 1194640 1194768 1194770 1195258 1195560 CVE-2015-8985 CVE-2021-22570 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) The following package changes have been done: - glibc-2.26-13.65.1 updated - libprotobuf-lite15-3.5.0-5.5.1 updated From sle-updates at lists.suse.com Tue Mar 15 11:19:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 12:19:46 +0100 (CET) Subject: SUSE-RU-2022:0835-1: important: Recommended update for crash Message-ID: <20220315111946.778FAF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0835-1 Rating: important References: #1190743 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash fixes the following issues: - Fix module loading (bsc#1190743) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-835=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): crash-7.2.8-18.10.2 crash-debuginfo-7.2.8-18.10.2 crash-debugsource-7.2.8-18.10.2 crash-devel-7.2.8-18.10.2 crash-gcore-7.2.8-18.10.2 crash-gcore-debuginfo-7.2.8-18.10.2 crash-kmp-default-7.2.8_k5.3.18_24.102-18.10.2 crash-kmp-default-debuginfo-7.2.8_k5.3.18_24.102-18.10.2 References: https://bugzilla.suse.com/1190743 From sle-updates at lists.suse.com Tue Mar 15 11:20:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 12:20:52 +0100 (CET) Subject: SUSE-RU-2022:0836-1: moderate: Recommended update for gdb Message-ID: <20220315112052.8665EF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0836-1 Rating: moderate References: SLE-22287 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for gdb fixes the following issues: - Support for new IBM Z Hardware - GDB Part (jsc#SLE-22287) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-836=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-836=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): gdb-11.1-8.30.1 gdb-debuginfo-11.1-8.30.1 gdb-debugsource-11.1-8.30.1 gdbserver-11.1-8.30.1 gdbserver-debuginfo-11.1-8.30.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): gdb-11.1-8.30.1 gdb-debuginfo-11.1-8.30.1 gdb-debugsource-11.1-8.30.1 gdbserver-11.1-8.30.1 gdbserver-debuginfo-11.1-8.30.1 References: From sle-updates at lists.suse.com Tue Mar 15 14:18:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 15:18:35 +0100 (CET) Subject: SUSE-SU-2022:0845-1: moderate: Security update for chrony Message-ID: <20220315141835.631D4F37A@maintenance.suse.de> SUSE Security Update: Security update for chrony ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0845-1 Rating: moderate References: #1099272 #1115529 #1128846 #1162964 #1172113 #1173277 #1174075 #1174911 #1180689 #1181826 #1187906 #1190926 #1194229 SLE-17334 Cross-References: CVE-2020-14367 CVSS scores: CVE-2020-14367 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-14367 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 12 fixes is now available. Description: This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-845=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-845=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-845=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-845=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-845=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-devel-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-devel-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 chrony-4.1-150300.16.3.1 chrony-debuginfo-4.1-150300.16.3.1 chrony-debugsource-4.1-150300.16.3.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): chrony-pool-empty-4.1-150300.16.3.1 chrony-pool-suse-4.1-150300.16.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 chrony-4.1-150300.16.3.1 chrony-debuginfo-4.1-150300.16.3.1 chrony-debugsource-4.1-150300.16.3.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 - SUSE Linux Enterprise Micro 5.1 (noarch): chrony-pool-suse-4.1-150300.16.3.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): augeas-1.10.1-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-14367.html https://bugzilla.suse.com/1099272 https://bugzilla.suse.com/1115529 https://bugzilla.suse.com/1128846 https://bugzilla.suse.com/1162964 https://bugzilla.suse.com/1172113 https://bugzilla.suse.com/1173277 https://bugzilla.suse.com/1174075 https://bugzilla.suse.com/1174911 https://bugzilla.suse.com/1180689 https://bugzilla.suse.com/1181826 https://bugzilla.suse.com/1187906 https://bugzilla.suse.com/1190926 https://bugzilla.suse.com/1194229 From sle-updates at lists.suse.com Tue Mar 15 14:20:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 15:20:44 +0100 (CET) Subject: SUSE-SU-2022:0843-1: moderate: Security update for rust, rust1.58, rust1.59 Message-ID: <20220315142044.EC24CF37A@maintenance.suse.de> SUSE Security Update: Security update for rust, rust1.58, rust1.59 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0843-1 Rating: moderate References: #1194767 Cross-References: CVE-2022-21658 CVSS scores: CVE-2022-21658 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-21658 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rust, rust1.58, rust1.59 fixes the following issues: This update provides both rust1.58 and rust1.59. Changes in rust1.58: - Add recommends for GCC for installs to be able to link. - Add suggests for lld/clang which are faster than gcc for linking to allow users choice on what they use. - CVE-2022-21658: Resolve race condition in std::fs::remove_dir_all (bsc#1194767) Version 1.58.0 (2022-01-13) ========================== Language -------- - [Format strings can now capture arguments simply by writing `{ident}` in the string.][90473] This works in all macros accepting format strings. Support for this in `panic!` (`panic!("{ident}")`) requires the 2021 edition; panic invocations in previous editions that appear to be trying to use this will result in a warning lint about not having the intended effect. - [`*const T` pointers can now be dereferenced in const contexts.][89551] - [The rules for when a generic struct implements `Unsize` have been relaxed.][90417] Compiler -------- - [Add LLVM CFI support to the Rust compiler][89652] - [Stabilize -Z strip as -C strip][90058]. Note that while release builds already don't add debug symbols for the code you compile, the compiled standard library that ships with Rust includes debug symbols, so you may want to use the `strip` option to remove these symbols to produce smaller release binaries. Note that this release only includes support in rustc, not directly in cargo. - [Add support for LLVM coverage mapping format versions 5 and 6][91207] - [Emit LLVM optimization remarks when enabled with `-Cremark`][90833] - [Update the minimum external LLVM to 12][90175] - [Add `x86_64-unknown-none` at Tier 3*][89062] - [Build musl dist artifacts with debuginfo enabled][90733]. When building release binaries using musl, you may want to use the newly stabilized strip option to remove these debug symbols, reducing the size of your binaries. - [Don't abort compilation after giving a lint error][87337] - [Error messages point at the source of trait bound obligations in more places][89580] \* Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [All remaining functions in the standard library have `#[must_use]` annotations where appropriate][89692], producing a warning when ignoring their return value. This helps catch mistakes such as expecting a function to mutate a value in place rather than return a new value. - [Paths are automatically canonicalized on Windows for operations that support it][89174] - [Re-enable debug checks for `copy` and `copy_nonoverlapping`][90041] - [Implement `RefUnwindSafe` for `Rc`][87467] - [Make RSplit: Clone not require T: Clone][90117] - [Implement `Termination` for `Result`][88601]. This allows writing `fn main() -> Result`, for a program whose successful exits never involve returning from `main` (for instance, a program that calls `exit`, or that uses `exec` to run another program). Stabilized APIs --------------- - [`Metadata::is_symlink`] - [`Path::is_symlink`] - [`{integer}::saturating_div`] - [`Option::unwrap_unchecked`] - [`Result::unwrap_unchecked`] - [`Result::unwrap_err_unchecked`] - [`NonZero{unsigned}::is_power_of_two`] - [`File::options`] These APIs are now usable in const contexts: - [`Duration::new`] - [`Duration::checked_add`] - [`Duration::saturating_add`] - [`Duration::checked_sub`] - [`Duration::saturating_sub`] - [`Duration::checked_mul`] - [`Duration::saturating_mul`] - [`Duration::checked_div`] - [`MaybeUninit::as_ptr`] - [`MaybeUninit::as_mut_ptr`] - [`MaybeUninit::assume_init`] - [`MaybeUninit::assume_init_ref`] Cargo ----- - [Add --message-format for install command][cargo/10107] - [Warn when alias shadows external subcommand][cargo/10082] Rustdoc ------- - [Show all Deref implementations recursively in rustdoc][90183] - [Use computed visibility in rustdoc][88447] Compatibility Notes ------------------- - [Try all stable method candidates first before trying unstable ones][90329]. This change ensures that adding new nightly-only methods to the Rust standard library will not break code invoking methods of the same name from traits outside the standard library. - Windows: [`std::process::Command` will no longer search the current directory for executables.][87704] - [All proc-macro backward-compatibility lints are now deny-by-default.][88041] - [proc_macro: Append .0 to unsuffixed float if it would otherwise become int token][90297] - [Refactor weak symbols in std::sys::unix][90846]. This optimizes accesses to glibc functions, by avoiding the use of dlopen. This does not increase the [minimum expected version of glibc](https://doc.rust-lang.org/nightly/rustc/platform-support.html). However, software distributions that use symbol versions to detect library dependencies, and which take weak symbols into account in that analysis, may detect rust binaries as requiring newer versions of glibc. - [rustdoc now rejects some unexpected semicolons in doctests][91026] Version 1.59.0 (2022-02-24) ========================== Language -------- - [Stabilize default arguments for const generics][90207] - [Stabilize destructuring assignment][90521] - [Relax private in public lint on generic bounds and where clauses of trait impls][90586] - [Stabilize asm! and global_asm! for x86, x86_64, ARM, Aarch64, and RISC-V][91728] Compiler -------- - [Stabilize new symbol mangling format, leaving it opt-in (-Csymbol-mangling-version=v0)][90128] - [Emit LLVM optimization remarks when enabled with `-Cremark`][90833] - [Fix sparc64 ABI for aggregates with floating point members][91003] - [Warn when a `#[test]`-like built-in attribute macro is present multiple times.][91172] - [Add support for riscv64gc-unknown-freebsd][91284] - [Stabilize `-Z emit-future-incompat` as `--json future-incompat`][91535] Libraries --------- - [Remove unnecessary bounds for some Hash{Map,Set} methods][91593] Stabilized APIs --------------- - [`std::thread::available_parallelism`][available_parallelism] - [`Result::copied`][result-copied] - [`Result::cloned`][result-cloned] - [`arch::asm!`][asm] - [`arch::global_asm!`][global_asm] - [`ops::ControlFlow::is_break`][is_break] - [`ops::ControlFlow::is_continue`][is_continue] - [`TryFrom for u8`][try_from_char_u8] - [`char::TryFromCharError`][try_from_char_err] implementing `Clone`, `Debug`, `Display`, `PartialEq`, `Copy`, `Eq`, `Error` - [`iter::zip`][zip] - [`NonZeroU8::is_power_of_two`][is_power_of_two8] - [`NonZeroU16::is_power_of_two`][is_power_of_two16] - [`NonZeroU32::is_power_of_two`][is_power_of_two32] - [`NonZeroU64::is_power_of_two`][is_power_of_two64] - [`NonZeroU128::is_power_of_two`][is_power_of_two128] - [`DoubleEndedIterator for ToLowercase`][lowercase] - [`DoubleEndedIterator for ToUppercase`][uppercase] - [`TryFrom<&mut [T]> for [T; N]`][tryfrom_ref_arr] - [`UnwindSafe for Once`][unwindsafe_once] - [`RefUnwindSafe for Once`][refunwindsafe_once] - [armv8 neon intrinsics for aarch64][stdarch/1266] Const-stable: - [`mem::MaybeUninit::as_ptr`][muninit_ptr] - [`mem::MaybeUninit::assume_init`][muninit_init] - [`mem::MaybeUninit::assume_init_ref`][muninit_init_ref] - [`ffi::CStr::from_bytes_with_nul_unchecked`][cstr_from_bytes] Cargo ----- - [Stabilize the `strip` profile option][cargo/10088] - [Stabilize future-incompat-report][cargo/10165] - [Support abbreviating `--release` as `-r`][cargo/10133] - [Support `term.quiet` configuration][cargo/10152] - [Remove `--host` from cargo {publish,search,login}][cargo/10145] Compatibility Notes ------------------- - [Refactor weak symbols in std::sys::unix][90846] This may add new, versioned, symbols when building with a newer glibc, as the standard library uses weak linkage rather than dynamically attempting to load certain symbols at runtime. - [Deprecate crate_type and crate_name nested inside `#![cfg_attr]`][83744] This adds a future compatibility lint to supporting the use of cfg_attr wrapping either crate_type or crate_name specification within Rust files; it is recommended that users migrate to setting the equivalent command line flags. - [Remove effect of `#[no_link]` attribute on name resolution][92034] This may expose new names, leading to conflicts with preexisting names in a given namespace and a compilation failure. - [Cargo will document libraries before binaries.][cargo/10172] - [Respect doc=false in dependencies, not just the root crate][cargo/10201] - [Weaken guarantee around advancing underlying iterators in zip][83791] - [Make split_inclusive() on an empty slice yield an empty output][89825] - [Update std::env::temp_dir to use GetTempPath2 on Windows when available.][89999] Changes in rust wrapper package: - Update to version 1.59.0 - for details see the rust1.59 package - Update package description to help users choose what tooling to install. - Provide rust+cargo by cargo: all cargo package provide this symbol too. Having the meta package provide it allows OBS to have a generic prefernece on the meta package for all packages 'just' requiring rust+cargo. - Update to version 1.58.0 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-843=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo-1.59.0-150300.21.20.1 cargo1.58-1.58.0-150300.7.3.1 cargo1.58-debuginfo-1.58.0-150300.7.3.1 cargo1.59-1.59.0-150300.7.4.2 cargo1.59-debuginfo-1.59.0-150300.7.4.2 rust-1.59.0-150300.21.20.1 rust1.58-1.58.0-150300.7.3.1 rust1.58-debuginfo-1.58.0-150300.7.3.1 rust1.59-1.59.0-150300.7.4.2 rust1.59-debuginfo-1.59.0-150300.7.4.2 References: https://www.suse.com/security/cve/CVE-2022-21658.html https://bugzilla.suse.com/1194767 From sle-updates at lists.suse.com Tue Mar 15 14:22:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 15:22:10 +0100 (CET) Subject: SUSE-RU-2022:0846-1: moderate: Recommended update for log4j Message-ID: <20220315142210.824F5F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for log4j ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0846-1 Rating: moderate References: SLE-23508 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update ships log4j 2.17.1 to the SUSE Linux Enterprise Basesystem module. (jsc#SLE-23508) - Removed alias log4j:log4j from log4j-1.2-api, since it is not a drop-in replacement Update to 2.17.1. Fixed bugs: - JdbcAppender now uses JndiManager to access JNDI resources. JNDI is only enabled when system property log4j2.enableJndiJdbc is set to true. - Remove unused method. - ExtendedLoggerWrapper.logMessage no longer double-logs when location is requested. - log4j-to-slf4j no longer re-interpolates formatted message contents. - Correct SpringLookup package name in Interpolator. - log4j-to-slf4j takes the provided MessageFactory into account. - Fix MapLookup to lookup MapMessage before DefaultMap. - Buffered I/O checked had inverted logic in RollingFileAppenderBuidler. - Fix NPE when input is null in StrSubstitutor.replace(String, Properties). - Lookups with no prefix only read values from the configuration properties as expected. - Reduce ignored package scope of KafkaAppender. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-846=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-846=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-846=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): jackson-annotations-2.10.2-3.2.1 jackson-core-2.10.2-3.2.1 jackson-databind-2.10.5.1-3.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jackson-annotations-2.10.2-3.2.1 jackson-core-2.10.2-3.2.1 jackson-databind-2.10.5.1-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): jackson-annotations-2.10.2-3.2.1 jackson-annotations-javadoc-2.10.2-3.2.1 jackson-core-2.10.2-3.2.1 jackson-core-javadoc-2.10.2-3.2.1 jackson-databind-2.10.5.1-3.5.1 jackson-databind-javadoc-2.10.5.1-3.5.1 log4j-2.17.1-4.20.1 log4j-javadoc-2.17.1-4.20.1 log4j-jcl-2.17.1-4.20.1 log4j-slf4j-2.17.1-4.20.1 References: From sle-updates at lists.suse.com Tue Mar 15 14:23:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 15:23:07 +0100 (CET) Subject: SUSE-RU-2022:14912-1: moderate: Recommended update for suse-build-key Message-ID: <20220315142307.D7049F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-build-key ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:14912-1 Rating: moderate References: #1194845 #1196494 #1196495 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for suse-build-key fixes the following issues: Extended GPG signing keys: - extended expiry of SUSE PTF key. - added new SUSE PTF key with RSA2048 bit (bsc#1196494) - extended expiry of SUSE SLES11 key (bsc#1194845) - Current SUSE security key added with 2022 edition (E-Mail usage only). (bsc#1196495) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-suse-build-key-14912=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-suse-build-key-14912=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): suse-build-key-1.0-907.47.7.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): suse-build-key-1.0-907.47.7.1 References: https://bugzilla.suse.com/1194845 https://bugzilla.suse.com/1196494 https://bugzilla.suse.com/1196495 From sle-updates at lists.suse.com Tue Mar 15 14:24:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 15:24:26 +0100 (CET) Subject: SUSE-SU-2022:0842-1: important: Security update for expat Message-ID: <20220315142426.85E86F37A@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0842-1 Rating: important References: #1196025 #1196784 Cross-References: CVE-2022-25236 CVSS scores: CVE-2022-25236 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25236 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-842=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-842=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-842=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-842=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-842=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-842=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-842=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-842=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-842=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-842=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-842=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-842=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-842=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debuginfo-32bit-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debuginfo-32bit-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE OpenStack Cloud 9 (x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debuginfo-32bit-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE OpenStack Cloud 8 (x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debuginfo-32bit-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): expat-debuginfo-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat-devel-2.1.0-21.22.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): expat-debuginfo-32bit-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): expat-debuginfo-32bit-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debuginfo-32bit-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debuginfo-32bit-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 - HPE Helion Openstack 8 (x86_64): expat-2.1.0-21.22.1 expat-debuginfo-2.1.0-21.22.1 expat-debuginfo-32bit-2.1.0-21.22.1 expat-debugsource-2.1.0-21.22.1 libexpat1-2.1.0-21.22.1 libexpat1-32bit-2.1.0-21.22.1 libexpat1-debuginfo-2.1.0-21.22.1 libexpat1-debuginfo-32bit-2.1.0-21.22.1 References: https://www.suse.com/security/cve/CVE-2022-25236.html https://bugzilla.suse.com/1196025 https://bugzilla.suse.com/1196784 From sle-updates at lists.suse.com Tue Mar 15 14:26:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 15:26:17 +0100 (CET) Subject: SUSE-RU-2022:14913-1: moderate: Recommended update for sssd Message-ID: <20220315142617.6CF7CF37B@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:14913-1 Rating: moderate References: #1134464 #1196687 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sssd fixes the following issues: - NSS: fix service enumeration (bsc#1134464) - Use the correct libdir on i586 for sssd-openssl1 (bsc#1196687) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-sssd-14913=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-sssd-14913=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-sssd-14913=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sssd-14913=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-sssd-14913=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libsss_idmap0-1.9.4-0.34.17.1 python-sssd-config-1.9.4-0.34.17.1 sssd-1.9.4-0.34.17.1 sssd-tools-1.9.4-0.34.17.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): sssd-32bit-1.9.4-0.34.17.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): python-sssd-config-openssl1-1.9.4-0.34.17.1 sssd-openssl1-1.9.4-0.34.17.1 sssd-openssl1-tools-1.9.4-0.34.17.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): sssd-openssl1-32bit-1.9.4-0.34.17.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): sssd-openssl1-x86-1.9.4-0.34.17.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libsss_idmap0-1.9.4-0.34.17.1 python-sssd-config-1.9.4-0.34.17.1 sssd-1.9.4-0.34.17.1 sssd-tools-1.9.4-0.34.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): sssd-debuginfo-1.9.4-0.34.17.1 sssd-debugsource-1.9.4-0.34.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): sssd-debuginfo-32bit-1.9.4-0.34.17.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): sssd-debuginfo-1.9.4-0.34.17.1 sssd-debugsource-1.9.4-0.34.17.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): sssd-debuginfo-32bit-1.9.4-0.34.17.1 References: https://bugzilla.suse.com/1134464 https://bugzilla.suse.com/1196687 From sle-updates at lists.suse.com Tue Mar 15 14:29:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 15:29:04 +0100 (CET) Subject: SUSE-SU-2022:0841-1: important: Security update for libqt5-qtbase Message-ID: <20220315142904.79DA4F37B@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0841-1 Rating: important References: #1195386 #1196501 Cross-References: CVE-2022-23853 CVE-2022-25255 CVSS scores: CVE-2022-23853 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-23853 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-25255 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-25255 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libqt5-qtbase fixes the following issues: - CVE-2022-23853, CVE-2022-25255: Avoid unintentionally using binaries from CWD (bsc#1195386, bsc#1196501). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-841=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-841=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-841=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-841=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-841=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-841=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-841=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-841=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-841=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-841=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-841=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-841=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Manager Server 4.1 (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Manager Retail Branch Server 4.1 (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Manager Proxy 4.1 (x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Manager Proxy 4.1 (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libQt5Concurrent-devel-5.12.7-4.17.1 libQt5Concurrent5-5.12.7-4.17.1 libQt5Concurrent5-debuginfo-5.12.7-4.17.1 libQt5Core-devel-5.12.7-4.17.1 libQt5Core5-5.12.7-4.17.1 libQt5Core5-debuginfo-5.12.7-4.17.1 libQt5DBus-devel-5.12.7-4.17.1 libQt5DBus-devel-debuginfo-5.12.7-4.17.1 libQt5DBus5-5.12.7-4.17.1 libQt5DBus5-debuginfo-5.12.7-4.17.1 libQt5Gui-devel-5.12.7-4.17.1 libQt5Gui5-5.12.7-4.17.1 libQt5Gui5-debuginfo-5.12.7-4.17.1 libQt5KmsSupport-devel-static-5.12.7-4.17.1 libQt5Network-devel-5.12.7-4.17.1 libQt5Network5-5.12.7-4.17.1 libQt5Network5-debuginfo-5.12.7-4.17.1 libQt5OpenGL-devel-5.12.7-4.17.1 libQt5OpenGL5-5.12.7-4.17.1 libQt5OpenGL5-debuginfo-5.12.7-4.17.1 libQt5OpenGLExtensions-devel-static-5.12.7-4.17.1 libQt5PlatformHeaders-devel-5.12.7-4.17.1 libQt5PlatformSupport-devel-static-5.12.7-4.17.1 libQt5PrintSupport-devel-5.12.7-4.17.1 libQt5PrintSupport5-5.12.7-4.17.1 libQt5PrintSupport5-debuginfo-5.12.7-4.17.1 libQt5Sql-devel-5.12.7-4.17.1 libQt5Sql5-5.12.7-4.17.1 libQt5Sql5-debuginfo-5.12.7-4.17.1 libQt5Sql5-mysql-5.12.7-4.17.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.17.1 libQt5Sql5-postgresql-5.12.7-4.17.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.17.1 libQt5Sql5-sqlite-5.12.7-4.17.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.17.1 libQt5Sql5-unixODBC-5.12.7-4.17.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.17.1 libQt5Test-devel-5.12.7-4.17.1 libQt5Test5-5.12.7-4.17.1 libQt5Test5-debuginfo-5.12.7-4.17.1 libQt5Widgets-devel-5.12.7-4.17.1 libQt5Widgets5-5.12.7-4.17.1 libQt5Widgets5-debuginfo-5.12.7-4.17.1 libQt5Xml-devel-5.12.7-4.17.1 libQt5Xml5-5.12.7-4.17.1 libQt5Xml5-debuginfo-5.12.7-4.17.1 libqt5-qtbase-common-devel-5.12.7-4.17.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.17.1 libqt5-qtbase-debugsource-5.12.7-4.17.1 libqt5-qtbase-devel-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.17.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.17.1 - SUSE Enterprise Storage 7 (noarch): libQt5Core-private-headers-devel-5.12.7-4.17.1 libQt5DBus-private-headers-devel-5.12.7-4.17.1 libQt5Gui-private-headers-devel-5.12.7-4.17.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.17.1 libQt5Network-private-headers-devel-5.12.7-4.17.1 libQt5OpenGL-private-headers-devel-5.12.7-4.17.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.17.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.17.1 libQt5Sql-private-headers-devel-5.12.7-4.17.1 libQt5Test-private-headers-devel-5.12.7-4.17.1 libQt5Widgets-private-headers-devel-5.12.7-4.17.1 libqt5-qtbase-private-headers-devel-5.12.7-4.17.1 References: https://www.suse.com/security/cve/CVE-2022-23853.html https://www.suse.com/security/cve/CVE-2022-25255.html https://bugzilla.suse.com/1195386 https://bugzilla.suse.com/1196501 From sle-updates at lists.suse.com Tue Mar 15 14:30:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 15:30:58 +0100 (CET) Subject: SUSE-SU-2022:14914-1: important: Security update for squid3 Message-ID: <20220315143058.904BFF37B@maintenance.suse.de> SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14914-1 Rating: important References: #1183436 #1185921 Cross-References: CVE-2020-25097 CVE-2021-28651 CVSS scores: CVE-2020-25097 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2020-25097 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2021-28651 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28651 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for squid3 fixes the following issues: - CVE-2021-28651: Fixed a denial of service issue when processing URN resource identifiers (bsc#1185921). - CVE-2020-25097: Fixed an HTTP request smuggling issue (bsc#1183436). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-squid3-14914=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-squid3-14914=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid3-14914=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): squid3-3.1.23-8.16.37.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): squid3-3.1.23-8.16.37.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): squid3-debuginfo-3.1.23-8.16.37.18.1 squid3-debugsource-3.1.23-8.16.37.18.1 References: https://www.suse.com/security/cve/CVE-2020-25097.html https://www.suse.com/security/cve/CVE-2021-28651.html https://bugzilla.suse.com/1183436 https://bugzilla.suse.com/1185921 From sle-updates at lists.suse.com Tue Mar 15 14:32:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 15:32:53 +0100 (CET) Subject: SUSE-SU-2022:0844-1: important: Security update for expat Message-ID: <20220315143253.982C5F37B@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0844-1 Rating: important References: #1196025 #1196784 Cross-References: CVE-2022-25236 CVSS scores: CVE-2022-25236 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25236 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-844=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-844=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-844=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-844=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-844=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-844=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-844=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-844=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-844=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-844=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-844=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-844=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-844=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-844=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-844=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-844=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-844=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-844=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-844=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-844=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-844=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-844=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-844=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Manager Server 4.1 (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): expat-2.2.5-3.19.1 expat-32bit-debuginfo-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Manager Proxy 4.1 (x86_64): expat-2.2.5-3.19.1 expat-32bit-debuginfo-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): expat-2.2.5-3.19.1 expat-32bit-debuginfo-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): expat-2.2.5-3.19.1 expat-32bit-debuginfo-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): expat-2.2.5-3.19.1 expat-32bit-debuginfo-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Enterprise Storage 7 (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): expat-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 - SUSE Enterprise Storage 6 (x86_64): expat-32bit-debuginfo-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 - SUSE CaaS Platform 4.0 (x86_64): expat-2.2.5-3.19.1 expat-32bit-debuginfo-2.2.5-3.19.1 expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat-devel-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-32bit-2.2.5-3.19.1 libexpat1-32bit-debuginfo-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 References: https://www.suse.com/security/cve/CVE-2022-25236.html https://bugzilla.suse.com/1196025 https://bugzilla.suse.com/1196784 From sle-updates at lists.suse.com Tue Mar 15 17:17:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 18:17:31 +0100 (CET) Subject: SUSE-SU-2022:0847-1: important: Security update for php7 Message-ID: <20220315171731.8DA3FF37B@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0847-1 Rating: important References: #1196252 Cross-References: CVE-2021-21708 CVSS scores: CVE-2021-21708 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-21708 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2021-21708: Fixed a memory corruption issue when processing integers from an untrusted source (bsc#1196252). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-847=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-847=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-847=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-847=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-847=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-847=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-847=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-847=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-847=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-847=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-847=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 - SUSE Manager Proxy 4.1 (x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-embed-7.4.6-3.35.1 php7-embed-debuginfo-7.4.6-3.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): apache2-mod_php7-7.4.6-3.35.1 apache2-mod_php7-debuginfo-7.4.6-3.35.1 php7-7.4.6-3.35.1 php7-bcmath-7.4.6-3.35.1 php7-bcmath-debuginfo-7.4.6-3.35.1 php7-bz2-7.4.6-3.35.1 php7-bz2-debuginfo-7.4.6-3.35.1 php7-calendar-7.4.6-3.35.1 php7-calendar-debuginfo-7.4.6-3.35.1 php7-ctype-7.4.6-3.35.1 php7-ctype-debuginfo-7.4.6-3.35.1 php7-curl-7.4.6-3.35.1 php7-curl-debuginfo-7.4.6-3.35.1 php7-dba-7.4.6-3.35.1 php7-dba-debuginfo-7.4.6-3.35.1 php7-debuginfo-7.4.6-3.35.1 php7-debugsource-7.4.6-3.35.1 php7-devel-7.4.6-3.35.1 php7-dom-7.4.6-3.35.1 php7-dom-debuginfo-7.4.6-3.35.1 php7-enchant-7.4.6-3.35.1 php7-enchant-debuginfo-7.4.6-3.35.1 php7-exif-7.4.6-3.35.1 php7-exif-debuginfo-7.4.6-3.35.1 php7-fastcgi-7.4.6-3.35.1 php7-fastcgi-debuginfo-7.4.6-3.35.1 php7-fileinfo-7.4.6-3.35.1 php7-fileinfo-debuginfo-7.4.6-3.35.1 php7-fpm-7.4.6-3.35.1 php7-fpm-debuginfo-7.4.6-3.35.1 php7-ftp-7.4.6-3.35.1 php7-ftp-debuginfo-7.4.6-3.35.1 php7-gd-7.4.6-3.35.1 php7-gd-debuginfo-7.4.6-3.35.1 php7-gettext-7.4.6-3.35.1 php7-gettext-debuginfo-7.4.6-3.35.1 php7-gmp-7.4.6-3.35.1 php7-gmp-debuginfo-7.4.6-3.35.1 php7-iconv-7.4.6-3.35.1 php7-iconv-debuginfo-7.4.6-3.35.1 php7-intl-7.4.6-3.35.1 php7-intl-debuginfo-7.4.6-3.35.1 php7-json-7.4.6-3.35.1 php7-json-debuginfo-7.4.6-3.35.1 php7-ldap-7.4.6-3.35.1 php7-ldap-debuginfo-7.4.6-3.35.1 php7-mbstring-7.4.6-3.35.1 php7-mbstring-debuginfo-7.4.6-3.35.1 php7-mysql-7.4.6-3.35.1 php7-mysql-debuginfo-7.4.6-3.35.1 php7-odbc-7.4.6-3.35.1 php7-odbc-debuginfo-7.4.6-3.35.1 php7-opcache-7.4.6-3.35.1 php7-opcache-debuginfo-7.4.6-3.35.1 php7-openssl-7.4.6-3.35.1 php7-openssl-debuginfo-7.4.6-3.35.1 php7-pcntl-7.4.6-3.35.1 php7-pcntl-debuginfo-7.4.6-3.35.1 php7-pdo-7.4.6-3.35.1 php7-pdo-debuginfo-7.4.6-3.35.1 php7-pgsql-7.4.6-3.35.1 php7-pgsql-debuginfo-7.4.6-3.35.1 php7-phar-7.4.6-3.35.1 php7-phar-debuginfo-7.4.6-3.35.1 php7-posix-7.4.6-3.35.1 php7-posix-debuginfo-7.4.6-3.35.1 php7-readline-7.4.6-3.35.1 php7-readline-debuginfo-7.4.6-3.35.1 php7-shmop-7.4.6-3.35.1 php7-shmop-debuginfo-7.4.6-3.35.1 php7-snmp-7.4.6-3.35.1 php7-snmp-debuginfo-7.4.6-3.35.1 php7-soap-7.4.6-3.35.1 php7-soap-debuginfo-7.4.6-3.35.1 php7-sockets-7.4.6-3.35.1 php7-sockets-debuginfo-7.4.6-3.35.1 php7-sodium-7.4.6-3.35.1 php7-sodium-debuginfo-7.4.6-3.35.1 php7-sqlite-7.4.6-3.35.1 php7-sqlite-debuginfo-7.4.6-3.35.1 php7-sysvmsg-7.4.6-3.35.1 php7-sysvmsg-debuginfo-7.4.6-3.35.1 php7-sysvsem-7.4.6-3.35.1 php7-sysvsem-debuginfo-7.4.6-3.35.1 php7-sysvshm-7.4.6-3.35.1 php7-sysvshm-debuginfo-7.4.6-3.35.1 php7-tidy-7.4.6-3.35.1 php7-tidy-debuginfo-7.4.6-3.35.1 php7-tokenizer-7.4.6-3.35.1 php7-tokenizer-debuginfo-7.4.6-3.35.1 php7-xmlreader-7.4.6-3.35.1 php7-xmlreader-debuginfo-7.4.6-3.35.1 php7-xmlrpc-7.4.6-3.35.1 php7-xmlrpc-debuginfo-7.4.6-3.35.1 php7-xmlwriter-7.4.6-3.35.1 php7-xmlwriter-debuginfo-7.4.6-3.35.1 php7-xsl-7.4.6-3.35.1 php7-xsl-debuginfo-7.4.6-3.35.1 php7-zip-7.4.6-3.35.1 php7-zip-debuginfo-7.4.6-3.35.1 php7-zlib-7.4.6-3.35.1 php7-zlib-debuginfo-7.4.6-3.35.1 References: https://www.suse.com/security/cve/CVE-2021-21708.html https://bugzilla.suse.com/1196252 From sle-updates at lists.suse.com Tue Mar 15 17:20:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 18:20:01 +0100 (CET) Subject: SUSE-RU-2022:0848-1: moderate: Recommended update for kiwi-templates-JeOS Message-ID: <20220315172001.208EAF37B@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi-templates-JeOS ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0848-1 Rating: moderate References: #1194484 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kiwi-templates-JeOS fixes the following issues: - Fix /etc/machine-id setup by appending 'rw' to the default boot options (bsc#1194484) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-848=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kiwi-templates-JeOS-15.3-150300.4.7.1 References: https://bugzilla.suse.com/1194484 From sle-updates at lists.suse.com Tue Mar 15 17:21:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Mar 2022 18:21:06 +0100 (CET) Subject: SUSE-RU-2022:0849-1: important: Recommended update for python-kiwi Message-ID: <20220315172106.59619F37B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0849-1 Rating: important References: #1196644 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: - Don't exit the script on deprecated function use (bsc#1196644) * The "exit 0" stops processing of the calling script with a success exit code, which leads to incomplete and broken images. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-849=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-849=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-849=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-849=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): dracut-kiwi-lib-9.24.16-3.47.1 dracut-kiwi-live-9.24.16-3.47.1 dracut-kiwi-oem-dump-9.24.16-3.47.1 dracut-kiwi-oem-repart-9.24.16-3.47.1 dracut-kiwi-overlay-9.24.16-3.47.1 kiwi-man-pages-9.24.16-3.47.1 kiwi-pxeboot-9.24.16-3.47.1 kiwi-systemdeps-bootloaders-9.24.16-3.47.1 kiwi-systemdeps-core-9.24.16-3.47.1 kiwi-systemdeps-disk-images-9.24.16-3.47.1 kiwi-systemdeps-filesystems-9.24.16-3.47.1 kiwi-systemdeps-image-validation-9.24.16-3.47.1 kiwi-systemdeps-iso-media-9.24.16-3.47.1 kiwi-tools-9.24.16-3.47.1 kiwi-tools-debuginfo-9.24.16-3.47.1 python-kiwi-debugsource-9.24.16-3.47.1 python3-kiwi-9.24.16-3.47.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.16-3.47.1 dracut-kiwi-live-9.24.16-3.47.1 dracut-kiwi-oem-dump-9.24.16-3.47.1 dracut-kiwi-oem-repart-9.24.16-3.47.1 dracut-kiwi-overlay-9.24.16-3.47.1 kiwi-man-pages-9.24.16-3.47.1 kiwi-systemdeps-9.24.16-3.47.1 kiwi-systemdeps-bootloaders-9.24.16-3.47.1 kiwi-systemdeps-containers-9.24.16-3.47.1 kiwi-systemdeps-core-9.24.16-3.47.1 kiwi-systemdeps-disk-images-9.24.16-3.47.1 kiwi-systemdeps-filesystems-9.24.16-3.47.1 kiwi-systemdeps-image-validation-9.24.16-3.47.1 kiwi-systemdeps-iso-media-9.24.16-3.47.1 kiwi-tools-9.24.16-3.47.1 kiwi-tools-debuginfo-9.24.16-3.47.1 python-kiwi-debugsource-9.24.16-3.47.1 python3-kiwi-9.24.16-3.47.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): kiwi-pxeboot-9.24.16-3.47.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dracut-kiwi-lib-9.24.16-3.47.1 dracut-kiwi-oem-repart-9.24.16-3.47.1 python-kiwi-debugsource-9.24.16-3.47.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): dracut-kiwi-lib-9.24.16-3.47.1 dracut-kiwi-oem-repart-9.24.16-3.47.1 python-kiwi-debugsource-9.24.16-3.47.1 References: https://bugzilla.suse.com/1196644 From sle-updates at lists.suse.com Tue Mar 15 23:19:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:19:34 +0100 (CET) Subject: SUSE-SU-2022:14916-1: important: Security update for openssl1 Message-ID: <20220315231934.77EFAF37B@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14916-1 Rating: important References: #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl1 fixes the following issues: - CVE-2022-0778: Fixed an infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-14916=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.42.1 libopenssl1_0_0-1.0.1g-0.58.42.1 openssl1-1.0.1g-0.58.42.1 openssl1-doc-1.0.1g-0.58.42.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.42.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.42.1 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Tue Mar 15 23:20:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:20:40 +0100 (CET) Subject: SUSE-SU-2022:0853-1: important: Security update for openssl-1_1 Message-ID: <20220315232040.7B5D0F37B@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0853-1 Rating: important References: #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-853=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-853=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-853=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-853=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-853=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-853=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-14.27.1 libopenssl1_1-1.1.0i-14.27.1 libopenssl1_1-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-1.1.0i-14.27.1 openssl-1_1-1.1.0i-14.27.1 openssl-1_1-debuginfo-1.1.0i-14.27.1 openssl-1_1-debugsource-1.1.0i-14.27.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-32bit-1.1.0i-14.27.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-14.27.1 libopenssl1_1-1.1.0i-14.27.1 libopenssl1_1-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-1.1.0i-14.27.1 openssl-1_1-1.1.0i-14.27.1 openssl-1_1-debuginfo-1.1.0i-14.27.1 openssl-1_1-debugsource-1.1.0i-14.27.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-32bit-1.1.0i-14.27.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_1-devel-1.1.0i-14.27.1 libopenssl-1_1-devel-32bit-1.1.0i-14.27.1 libopenssl1_1-1.1.0i-14.27.1 libopenssl1_1-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.27.1 libopenssl1_1-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-1.1.0i-14.27.1 libopenssl1_1-hmac-32bit-1.1.0i-14.27.1 openssl-1_1-1.1.0i-14.27.1 openssl-1_1-debuginfo-1.1.0i-14.27.1 openssl-1_1-debugsource-1.1.0i-14.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.27.1 libopenssl1_1-1.1.0i-14.27.1 libopenssl1_1-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-1.1.0i-14.27.1 openssl-1_1-1.1.0i-14.27.1 openssl-1_1-debuginfo-1.1.0i-14.27.1 openssl-1_1-debugsource-1.1.0i-14.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-32bit-1.1.0i-14.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.27.1 libopenssl1_1-1.1.0i-14.27.1 libopenssl1_1-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-1.1.0i-14.27.1 openssl-1_1-1.1.0i-14.27.1 openssl-1_1-debuginfo-1.1.0i-14.27.1 openssl-1_1-debugsource-1.1.0i-14.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-32bit-1.1.0i-14.27.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.27.1 libopenssl1_1-1.1.0i-14.27.1 libopenssl1_1-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-1.1.0i-14.27.1 openssl-1_1-1.1.0i-14.27.1 openssl-1_1-debuginfo-1.1.0i-14.27.1 openssl-1_1-debugsource-1.1.0i-14.27.1 - SUSE Enterprise Storage 6 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-32bit-1.1.0i-14.27.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-14.27.1 libopenssl-1_1-devel-32bit-1.1.0i-14.27.1 libopenssl1_1-1.1.0i-14.27.1 libopenssl1_1-32bit-1.1.0i-14.27.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.27.1 libopenssl1_1-debuginfo-1.1.0i-14.27.1 libopenssl1_1-hmac-1.1.0i-14.27.1 libopenssl1_1-hmac-32bit-1.1.0i-14.27.1 openssl-1_1-1.1.0i-14.27.1 openssl-1_1-debuginfo-1.1.0i-14.27.1 openssl-1_1-debugsource-1.1.0i-14.27.1 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Tue Mar 15 23:21:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:21:48 +0100 (CET) Subject: SUSE-SU-2022:0854-1: important: Security update for openssl Message-ID: <20220315232148.506BFF37B@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0854-1 Rating: important References: #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-854=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-854=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-854=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-854=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-854=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-854=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-854=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openssl-doc-1.0.2j-60.75.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libopenssl-devel-1.0.2j-60.75.1 libopenssl1_0_0-1.0.2j-60.75.1 libopenssl1_0_0-32bit-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.75.1 libopenssl1_0_0-hmac-1.0.2j-60.75.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.75.1 openssl-1.0.2j-60.75.1 openssl-debuginfo-1.0.2j-60.75.1 openssl-debugsource-1.0.2j-60.75.1 - SUSE OpenStack Cloud 8 (x86_64): libopenssl-devel-1.0.2j-60.75.1 libopenssl1_0_0-1.0.2j-60.75.1 libopenssl1_0_0-32bit-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.75.1 libopenssl1_0_0-hmac-1.0.2j-60.75.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.75.1 openssl-1.0.2j-60.75.1 openssl-debuginfo-1.0.2j-60.75.1 openssl-debugsource-1.0.2j-60.75.1 - SUSE OpenStack Cloud 8 (noarch): openssl-doc-1.0.2j-60.75.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.75.1 libopenssl1_0_0-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-1.0.2j-60.75.1 libopenssl1_0_0-hmac-1.0.2j-60.75.1 openssl-1.0.2j-60.75.1 openssl-debuginfo-1.0.2j-60.75.1 openssl-debugsource-1.0.2j-60.75.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): openssl-doc-1.0.2j-60.75.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.75.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.75.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.75.1 libopenssl1_0_0-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-1.0.2j-60.75.1 libopenssl1_0_0-hmac-1.0.2j-60.75.1 openssl-1.0.2j-60.75.1 openssl-debuginfo-1.0.2j-60.75.1 openssl-debugsource-1.0.2j-60.75.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.75.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.75.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openssl-doc-1.0.2j-60.75.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openssl-doc-1.0.2j-60.75.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libopenssl-devel-1.0.2j-60.75.1 libopenssl1_0_0-1.0.2j-60.75.1 libopenssl1_0_0-32bit-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.75.1 libopenssl1_0_0-hmac-1.0.2j-60.75.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.75.1 openssl-1.0.2j-60.75.1 openssl-debuginfo-1.0.2j-60.75.1 openssl-debugsource-1.0.2j-60.75.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.75.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.75.1 libopenssl1_0_0-1.0.2j-60.75.1 libopenssl1_0_0-32bit-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.75.1 libopenssl1_0_0-hmac-1.0.2j-60.75.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.75.1 openssl-1.0.2j-60.75.1 openssl-debuginfo-1.0.2j-60.75.1 openssl-debugsource-1.0.2j-60.75.1 - HPE Helion Openstack 8 (noarch): openssl-doc-1.0.2j-60.75.1 - HPE Helion Openstack 8 (x86_64): libopenssl-devel-1.0.2j-60.75.1 libopenssl1_0_0-1.0.2j-60.75.1 libopenssl1_0_0-32bit-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-1.0.2j-60.75.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.75.1 libopenssl1_0_0-hmac-1.0.2j-60.75.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.75.1 openssl-1.0.2j-60.75.1 openssl-debuginfo-1.0.2j-60.75.1 openssl-debugsource-1.0.2j-60.75.1 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Tue Mar 15 23:23:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:23:02 +0100 (CET) Subject: SUSE-SU-2022:0856-1: important: Security update for openssl-1_0_0 Message-ID: <20220315232302.47051F37B@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0856-1 Rating: important References: #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-856=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-856=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-856=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-856=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-856=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-856=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-856=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-856=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-856=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-856=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-856=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-856=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-856=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-856=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Manager Proxy 4.1 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl10-1.0.2p-3.49.1 libopenssl10-debuginfo-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl10-1.0.2p-3.49.1 libopenssl10-debuginfo-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.49.1 libopenssl1_0_0-1.0.2p-3.49.1 libopenssl1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-1.0.2p-3.49.1 openssl-1_0_0-debuginfo-1.0.2p-3.49.1 openssl-1_0_0-debugsource-1.0.2p-3.49.1 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Tue Mar 15 23:24:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:24:15 +0100 (CET) Subject: SUSE-SU-2022:0851-1: important: Security update for openssl-1_1 Message-ID: <20220315232415.97E51F37B@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0851-1 Rating: important References: #1180995 #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Add safe primes to DH parameter generation as recommended from RFC7919 and RFC3526 (bsc#1180995). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-851=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-851=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-851=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-851=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-4.66.1 libopenssl1_1-1.1.0i-4.66.1 libopenssl1_1-debuginfo-1.1.0i-4.66.1 libopenssl1_1-hmac-1.1.0i-4.66.1 openssl-1_1-1.1.0i-4.66.1 openssl-1_1-debuginfo-1.1.0i-4.66.1 openssl-1_1-debugsource-1.1.0i-4.66.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libopenssl1_1-32bit-1.1.0i-4.66.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.66.1 libopenssl1_1-hmac-32bit-1.1.0i-4.66.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_1-devel-1.1.0i-4.66.1 libopenssl1_1-1.1.0i-4.66.1 libopenssl1_1-debuginfo-1.1.0i-4.66.1 libopenssl1_1-hmac-1.1.0i-4.66.1 openssl-1_1-1.1.0i-4.66.1 openssl-1_1-debuginfo-1.1.0i-4.66.1 openssl-1_1-debugsource-1.1.0i-4.66.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.66.1 libopenssl1_1-1.1.0i-4.66.1 libopenssl1_1-debuginfo-1.1.0i-4.66.1 libopenssl1_1-hmac-1.1.0i-4.66.1 openssl-1_1-1.1.0i-4.66.1 openssl-1_1-debuginfo-1.1.0i-4.66.1 openssl-1_1-debugsource-1.1.0i-4.66.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libopenssl1_1-32bit-1.1.0i-4.66.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.66.1 libopenssl1_1-hmac-32bit-1.1.0i-4.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-4.66.1 libopenssl1_1-1.1.0i-4.66.1 libopenssl1_1-debuginfo-1.1.0i-4.66.1 libopenssl1_1-hmac-1.1.0i-4.66.1 openssl-1_1-1.1.0i-4.66.1 openssl-1_1-debuginfo-1.1.0i-4.66.1 openssl-1_1-debugsource-1.1.0i-4.66.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libopenssl1_1-32bit-1.1.0i-4.66.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.66.1 libopenssl1_1-hmac-32bit-1.1.0i-4.66.1 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1180995 https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Tue Mar 15 23:25:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:25:25 +0100 (CET) Subject: SUSE-SU-2022:0859-1: important: Security update for compat-openssl098 Message-ID: <20220315232525.7C632F37B@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0859-1 Rating: important References: #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for compat-openssl098 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-859=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-859=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-859=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-859=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): compat-openssl098-debugsource-0.9.8j-106.33.1 libopenssl0_9_8-0.9.8j-106.33.1 libopenssl0_9_8-debuginfo-0.9.8j-106.33.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.33.1 libopenssl0_9_8-0.9.8j-106.33.1 libopenssl0_9_8-debuginfo-0.9.8j-106.33.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): compat-openssl098-debugsource-0.9.8j-106.33.1 libopenssl0_9_8-0.9.8j-106.33.1 libopenssl0_9_8-debuginfo-0.9.8j-106.33.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-106.33.1 libopenssl0_9_8-0.9.8j-106.33.1 libopenssl0_9_8-32bit-0.9.8j-106.33.1 libopenssl0_9_8-debuginfo-0.9.8j-106.33.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.33.1 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Tue Mar 15 23:26:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:26:32 +0100 (CET) Subject: SUSE-SU-2022:0857-1: important: Security update for openssl-1_0_0 Message-ID: <20220315232632.5EC80F37B@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0857-1 Rating: important References: #1196249 #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-857=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-857=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-857=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-857=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-857=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-857=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.48.1 libopenssl1_0_0-1.0.2p-3.48.1 libopenssl1_0_0-32bit-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.48.1 libopenssl1_0_0-hmac-1.0.2p-3.48.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.48.1 openssl-1_0_0-1.0.2p-3.48.1 openssl-1_0_0-debuginfo-1.0.2p-3.48.1 openssl-1_0_0-debugsource-1.0.2p-3.48.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.48.1 - SUSE OpenStack Cloud 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.48.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.48.1 libopenssl1_0_0-1.0.2p-3.48.1 libopenssl1_0_0-32bit-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.48.1 libopenssl1_0_0-hmac-1.0.2p-3.48.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.48.1 openssl-1_0_0-1.0.2p-3.48.1 openssl-1_0_0-debuginfo-1.0.2p-3.48.1 openssl-1_0_0-debugsource-1.0.2p-3.48.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.48.1 openssl-1_0_0-debuginfo-1.0.2p-3.48.1 openssl-1_0_0-debugsource-1.0.2p-3.48.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-3.48.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.48.1 libopenssl1_0_0-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-1.0.2p-3.48.1 libopenssl1_0_0-hmac-1.0.2p-3.48.1 openssl-1_0_0-1.0.2p-3.48.1 openssl-1_0_0-debuginfo-1.0.2p-3.48.1 openssl-1_0_0-debugsource-1.0.2p-3.48.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_0_0-32bit-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.48.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.48.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.48.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.48.1 libopenssl1_0_0-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-1.0.2p-3.48.1 libopenssl1_0_0-hmac-1.0.2p-3.48.1 openssl-1_0_0-1.0.2p-3.48.1 openssl-1_0_0-debuginfo-1.0.2p-3.48.1 openssl-1_0_0-debugsource-1.0.2p-3.48.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.48.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.48.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): openssl-1_0_0-doc-1.0.2p-3.48.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.48.1 libopenssl1_0_0-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-1.0.2p-3.48.1 libopenssl1_0_0-hmac-1.0.2p-3.48.1 openssl-1_0_0-1.0.2p-3.48.1 openssl-1_0_0-debuginfo-1.0.2p-3.48.1 openssl-1_0_0-debugsource-1.0.2p-3.48.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.48.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.48.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.48.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openssl-1_0_0-doc-1.0.2p-3.48.1 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1196249 https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Tue Mar 15 23:27:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:27:47 +0100 (CET) Subject: SUSE-SU-2022:14915-1: important: Security update for openssl Message-ID: <20220315232747.F34F0F37D@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14915-1 Rating: important References: #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-14915=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-14915=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-14915=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-14915=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.46.1 libopenssl0_9_8-hmac-0.9.8j-0.106.46.1 openssl-0.9.8j-0.106.46.1 openssl-doc-0.9.8j-0.106.46.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.46.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.46.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.106.46.1 libopenssl0_9_8-0.9.8j-0.106.46.1 libopenssl0_9_8-hmac-0.9.8j-0.106.46.1 openssl-0.9.8j-0.106.46.1 openssl-doc-0.9.8j-0.106.46.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.46.1 openssl-debugsource-0.9.8j-0.106.46.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.46.1 openssl-debugsource-0.9.8j-0.106.46.1 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Tue Mar 15 23:28:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:28:57 +0100 (CET) Subject: SUSE-RU-2022:0852-1: moderate: Recommended update for sssd Message-ID: <20220315232857.A53DCF37D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0852-1 Rating: moderate References: #1182058 #1196166 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sssd fixes the following issues: - Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common to fix bsc#1182058 and baselibs.conf was not updated accordingly; (bsc#1196166); Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-852=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-852=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-852=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-852=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-852=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-852=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-852=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-852=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-852=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-852=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Manager Server 4.1 (x86_64): sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Manager Proxy 4.1 (x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libipa_hbac-devel-1.16.1-17.17.1 libipa_hbac0-1.16.1-17.17.1 libipa_hbac0-debuginfo-1.16.1-17.17.1 libsss_certmap-devel-1.16.1-17.17.1 libsss_certmap0-1.16.1-17.17.1 libsss_certmap0-debuginfo-1.16.1-17.17.1 libsss_idmap-devel-1.16.1-17.17.1 libsss_idmap0-1.16.1-17.17.1 libsss_idmap0-debuginfo-1.16.1-17.17.1 libsss_nss_idmap-devel-1.16.1-17.17.1 libsss_nss_idmap0-1.16.1-17.17.1 libsss_nss_idmap0-debuginfo-1.16.1-17.17.1 libsss_simpleifp-devel-1.16.1-17.17.1 libsss_simpleifp0-1.16.1-17.17.1 libsss_simpleifp0-debuginfo-1.16.1-17.17.1 python3-sssd-config-1.16.1-17.17.1 python3-sssd-config-debuginfo-1.16.1-17.17.1 sssd-1.16.1-17.17.1 sssd-ad-1.16.1-17.17.1 sssd-ad-debuginfo-1.16.1-17.17.1 sssd-common-1.16.1-17.17.1 sssd-common-debuginfo-1.16.1-17.17.1 sssd-dbus-1.16.1-17.17.1 sssd-dbus-debuginfo-1.16.1-17.17.1 sssd-debugsource-1.16.1-17.17.1 sssd-ipa-1.16.1-17.17.1 sssd-ipa-debuginfo-1.16.1-17.17.1 sssd-krb5-1.16.1-17.17.1 sssd-krb5-common-1.16.1-17.17.1 sssd-krb5-common-debuginfo-1.16.1-17.17.1 sssd-krb5-debuginfo-1.16.1-17.17.1 sssd-ldap-1.16.1-17.17.1 sssd-ldap-debuginfo-1.16.1-17.17.1 sssd-proxy-1.16.1-17.17.1 sssd-proxy-debuginfo-1.16.1-17.17.1 sssd-tools-1.16.1-17.17.1 sssd-tools-debuginfo-1.16.1-17.17.1 sssd-winbind-idmap-1.16.1-17.17.1 sssd-winbind-idmap-debuginfo-1.16.1-17.17.1 - SUSE Enterprise Storage 7 (x86_64): sssd-common-32bit-1.16.1-17.17.1 sssd-common-32bit-debuginfo-1.16.1-17.17.1 References: https://bugzilla.suse.com/1182058 https://bugzilla.suse.com/1196166 From sle-updates at lists.suse.com Tue Mar 15 23:30:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 00:30:14 +0100 (CET) Subject: SUSE-SU-2022:0860-1: important: Security update for openssl-1_1 Message-ID: <20220315233014.2E630F37D@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0860-1 Rating: important References: #1182959 #1195149 #1195792 #1195856 #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Non-security issues fixed: - Fix PAC pointer authentication in ARM. (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version. (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) - Fix BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-860=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-860=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-860=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-860=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-860=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-860=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl1_1-1.1.1d-2.61.1 libopenssl1_1-32bit-1.1.1d-2.61.1 libopenssl1_1-debuginfo-1.1.1d-2.61.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.61.1 libopenssl1_1-hmac-1.1.1d-2.61.1 libopenssl1_1-hmac-32bit-1.1.1d-2.61.1 openssl-1_1-1.1.1d-2.61.1 openssl-1_1-debuginfo-1.1.1d-2.61.1 openssl-1_1-debugsource-1.1.1d-2.61.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl1_1-1.1.1d-2.61.1 libopenssl1_1-32bit-1.1.1d-2.61.1 libopenssl1_1-debuginfo-1.1.1d-2.61.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.61.1 libopenssl1_1-hmac-1.1.1d-2.61.1 libopenssl1_1-hmac-32bit-1.1.1d-2.61.1 openssl-1_1-1.1.1d-2.61.1 openssl-1_1-debuginfo-1.1.1d-2.61.1 openssl-1_1-debugsource-1.1.1d-2.61.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.61.1 openssl-1_1-debuginfo-1.1.1d-2.61.1 openssl-1_1-debugsource-1.1.1d-2.61.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1d-2.61.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl1_1-1.1.1d-2.61.1 libopenssl1_1-debuginfo-1.1.1d-2.61.1 libopenssl1_1-hmac-1.1.1d-2.61.1 openssl-1_1-1.1.1d-2.61.1 openssl-1_1-debuginfo-1.1.1d-2.61.1 openssl-1_1-debugsource-1.1.1d-2.61.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_1-32bit-1.1.1d-2.61.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.61.1 libopenssl1_1-hmac-32bit-1.1.1d-2.61.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.61.1 libopenssl1_1-debuginfo-1.1.1d-2.61.1 libopenssl1_1-hmac-1.1.1d-2.61.1 openssl-1_1-1.1.1d-2.61.1 openssl-1_1-debuginfo-1.1.1d-2.61.1 openssl-1_1-debugsource-1.1.1d-2.61.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.61.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.61.1 libopenssl1_1-hmac-32bit-1.1.1d-2.61.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.61.1 libopenssl1_1-debuginfo-1.1.1d-2.61.1 libopenssl1_1-hmac-1.1.1d-2.61.1 openssl-1_1-1.1.1d-2.61.1 openssl-1_1-debuginfo-1.1.1d-2.61.1 openssl-1_1-debugsource-1.1.1d-2.61.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.61.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.61.1 libopenssl1_1-hmac-32bit-1.1.1d-2.61.1 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1182959 https://bugzilla.suse.com/1195149 https://bugzilla.suse.com/1195792 https://bugzilla.suse.com/1195856 https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Wed Mar 16 02:18:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 03:18:51 +0100 (CET) Subject: SUSE-RU-2022:0861-1: moderate: Recommended update for openssl-1_1 Message-ID: <20220316021851.9138EF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0861-1 Rating: moderate References: #1182959 #1195149 #1195792 #1195856 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-861=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-861=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-861=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-861=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-861=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-861=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-861=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-861=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-861=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-861=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-861=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-861=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-861=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-861=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-861=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-861=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-861=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-861=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-861=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-861=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-861=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-861=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-861=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-861=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-861=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-861=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Manager Server 4.1 (x86_64): libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Manager Retail Branch Server 4.1 (x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Manager Proxy 4.1 (x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.31-150300.20.7 glibc-debugsource-2.31-150300.20.7 glibc-devel-static-2.31-150300.20.7 glibc-utils-2.31-150300.20.1 glibc-utils-debuginfo-2.31-150300.20.1 glibc-utils-src-debugsource-2.31-150300.20.1 libxcrypt-debugsource-4.4.15-150300.4.2.41 libxcrypt-devel-static-4.4.15-150300.4.2.41 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): glibc-32bit-debuginfo-2.31-150300.20.7 glibc-devel-32bit-2.31-150300.20.7 glibc-devel-32bit-debuginfo-2.31-150300.20.7 zlib-debugsource-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.31-150300.20.7 glibc-debugsource-2.31-150300.20.7 glibc-devel-static-2.31-150300.20.7 glibc-utils-2.31-150300.20.1 glibc-utils-debuginfo-2.31-150300.20.1 glibc-utils-src-debugsource-2.31-150300.20.1 libxcrypt-debugsource-4.4.15-150300.4.2.41 libxcrypt-devel-static-4.4.15-150300.4.2.41 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): glibc-32bit-debuginfo-2.31-150300.20.7 glibc-devel-32bit-2.31-150300.20.7 glibc-devel-32bit-debuginfo-2.31-150300.20.7 zlib-debugsource-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.20.7 glibc-debuginfo-2.31-150300.20.7 glibc-debugsource-2.31-150300.20.7 glibc-devel-2.31-150300.20.7 glibc-devel-debuginfo-2.31-150300.20.7 glibc-extra-2.31-150300.20.7 glibc-extra-debuginfo-2.31-150300.20.7 glibc-locale-2.31-150300.20.7 glibc-locale-base-2.31-150300.20.7 glibc-locale-base-debuginfo-2.31-150300.20.7 glibc-profile-2.31-150300.20.7 libcrypt1-4.4.15-150300.4.2.41 libcrypt1-debuginfo-4.4.15-150300.4.2.41 libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libxcrypt-debugsource-4.4.15-150300.4.2.41 libxcrypt-devel-4.4.15-150300.4.2.41 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 nscd-2.31-150300.20.7 nscd-debuginfo-2.31-150300.20.7 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): glibc-i18ndata-2.31-150300.20.7 glibc-info-2.31-150300.20.7 glibc-lang-2.31-150300.20.7 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): glibc-32bit-2.31-150300.20.7 glibc-32bit-debuginfo-2.31-150300.20.7 glibc-locale-base-32bit-2.31-150300.20.7 glibc-locale-base-32bit-debuginfo-2.31-150300.20.7 libcrypt1-32bit-4.4.15-150300.4.2.41 libcrypt1-32bit-debuginfo-4.4.15-150300.4.2.41 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.20.7 glibc-debuginfo-2.31-150300.20.7 glibc-debugsource-2.31-150300.20.7 glibc-devel-2.31-150300.20.7 glibc-devel-debuginfo-2.31-150300.20.7 glibc-extra-2.31-150300.20.7 glibc-extra-debuginfo-2.31-150300.20.7 glibc-locale-2.31-150300.20.7 glibc-locale-base-2.31-150300.20.7 glibc-locale-base-debuginfo-2.31-150300.20.7 glibc-profile-2.31-150300.20.7 libcrypt1-4.4.15-150300.4.2.41 libcrypt1-debuginfo-4.4.15-150300.4.2.41 libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libxcrypt-debugsource-4.4.15-150300.4.2.41 libxcrypt-devel-4.4.15-150300.4.2.41 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 nscd-2.31-150300.20.7 nscd-debuginfo-2.31-150300.20.7 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): glibc-32bit-2.31-150300.20.7 glibc-32bit-debuginfo-2.31-150300.20.7 glibc-locale-base-32bit-2.31-150300.20.7 glibc-locale-base-32bit-debuginfo-2.31-150300.20.7 libcrypt1-32bit-4.4.15-150300.4.2.41 libcrypt1-32bit-debuginfo-4.4.15-150300.4.2.41 libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): glibc-i18ndata-2.31-150300.20.7 glibc-info-2.31-150300.20.7 glibc-lang-2.31-150300.20.7 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): glibc-2.31-150300.20.7 glibc-debuginfo-2.31-150300.20.7 glibc-debugsource-2.31-150300.20.7 glibc-devel-2.31-150300.20.7 glibc-locale-2.31-150300.20.7 glibc-locale-base-2.31-150300.20.7 glibc-locale-base-debuginfo-2.31-150300.20.7 libcrypt1-4.4.15-150300.4.2.41 libcrypt1-debuginfo-4.4.15-150300.4.2.41 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libxcrypt-debugsource-4.4.15-150300.4.2.41 libxcrypt-devel-4.4.15-150300.4.2.41 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Enterprise Storage 7 (aarch64 x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 linux-glibc-devel-5.3-3.2.10 minizip-devel-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Enterprise Storage 7 (x86_64): libopenssl1_1-32bit-1.1.1d-11.43.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-32bit-1.1.1d-11.43.1 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE Enterprise Storage 6 (aarch64 x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 - SUSE Enterprise Storage 6 (x86_64): libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 - SUSE CaaS Platform 4.0 (x86_64): libminizip1-1.2.11-3.26.10 libminizip1-debuginfo-1.2.11-3.26.10 libz1-1.2.11-3.26.10 libz1-32bit-1.2.11-3.26.10 libz1-32bit-debuginfo-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 minizip-devel-1.2.11-3.26.10 zlib-debugsource-1.2.11-3.26.10 zlib-devel-1.2.11-3.26.10 zlib-devel-32bit-1.2.11-3.26.10 zlib-devel-static-1.2.11-3.26.10 References: https://bugzilla.suse.com/1182959 https://bugzilla.suse.com/1195149 https://bugzilla.suse.com/1195792 https://bugzilla.suse.com/1195856 From sle-updates at lists.suse.com Wed Mar 16 08:19:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 09:19:04 +0100 (CET) Subject: SUSE-RU-2022:0864-1: important: Recommended update for SAPHanaSR Message-ID: <20220316081904.C63F1F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0864-1 Rating: important References: #1174557 #1181765 #1182201 #1182545 #1182774 #1189530 #1189531 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for SAPHanaSR fixes the following issues: - Add systemd support for the resource agent to interact with the new SAP unit files for sapstartsrv. As the new version of the SAP Startup Framework will use systemd unit files to control the sapstartsrv process instead of the previous used SysV init script, the handling of sapstartsrv inside the resource agents is adapted to support both ways. (bsc#1189530, bsc#1189531) - The resource start and stop timeout is now configurable by increasing the timeout for the action 'start' and/or 'stop'. 95% of this action timeouts will be used to calculate the new resource start and stop timeout for the 'WaitforStarted' and 'WaitforStopped' functions. If the new, calculated timeout value is less than '3600', it will be set to '3600', so that we do not decrease this timeout by accident. (bsc#1182545) - Change promotion scoring during maintenance procedure to prevent that both sides have an equal promotion scoring after refresh which might result in a critical promotion of the secondary. (bsc#1174557) - Update of man page SAPHanaSR.py.7 - correct the supported HANA version (bsc#1182201) - If the $hdbState command fails to retrieve the current state of the System Replication, the resource agent now uses the system_replication/actual_mode attribute (if available) from the global.ini file as a fallback. This should prevent some confusing and misleading log messages during a takeover and solves the problem of a not working takeover back (after a successful first takeover) (bsc#1181765) - Add dedicated logging of HANA_CALL problems. It is now possible to identify if the called `hana` command or the needed `su` command throws the error, and for further hints it logs the stderr output. Additionally it is possible to get regular log messages for the used commands, their return code and their stderr output by enabling the 'debug' mode of the resource agents (bsc#1182774) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-864=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-864=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-864=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-864=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-864=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): SAPHanaSR-0.155.0-4.17.1 SAPHanaSR-doc-0.155.0-4.17.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): SAPHanaSR-0.155.0-4.17.1 SAPHanaSR-doc-0.155.0-4.17.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): SAPHanaSR-0.155.0-4.17.1 SAPHanaSR-doc-0.155.0-4.17.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): SAPHanaSR-0.155.0-4.17.1 SAPHanaSR-doc-0.155.0-4.17.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-0.155.0-4.17.1 SAPHanaSR-doc-0.155.0-4.17.1 References: https://bugzilla.suse.com/1174557 https://bugzilla.suse.com/1181765 https://bugzilla.suse.com/1182201 https://bugzilla.suse.com/1182545 https://bugzilla.suse.com/1182774 https://bugzilla.suse.com/1189530 https://bugzilla.suse.com/1189531 From sle-updates at lists.suse.com Wed Mar 16 08:21:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 09:21:41 +0100 (CET) Subject: SUSE-RU-2022:0862-1: important: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20220316082141.B936CF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0862-1 Rating: important References: #1182774 #1189532 #1189533 #1189540 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for SAPHanaSR-ScaleOut fixes the following issues: - Add systemd support for the resource agent to interact with the new SAP unit files for sapstartsrv. As the new version of the SAP Startup Framework uses systemd unit files to control the sapstartsrv process instead of the previous used SysV init script, the handling of sapstartsrv inside the resource agents is adapted to support both ways. (bsc#1189532, bsc#1189533) - Add dedicated logging of HANA_CALL problems. It is now possible to identify if the called `hana` command or the needed `su` command throws the error, and for further hints it logs the stderr output. Additionally it is possible to get regular log messages for the used commands, their return code and their stderr output by enabling the 'debug' mode of the resource agents. (bsc#1182774) - Add switch 'cib_access' to the SAPHanaSrMultiTarget hook to give control over the hook runtime. Default is 'all-on' which means there are 3 cib calls performed inside the hook script. Changing the value of 'cib_access' inside the global.ini file to'site-on' to perform the absolute minimum cib calls (only one). (bsc#1189540) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-862=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-862=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-862=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-862=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-862=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): SAPHanaSR-ScaleOut-0.181.0-30.1 SAPHanaSR-ScaleOut-doc-0.181.0-30.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): SAPHanaSR-ScaleOut-0.181.0-30.1 SAPHanaSR-ScaleOut-doc-0.181.0-30.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): SAPHanaSR-ScaleOut-0.181.0-30.1 SAPHanaSR-ScaleOut-doc-0.181.0-30.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): SAPHanaSR-ScaleOut-0.181.0-30.1 SAPHanaSR-ScaleOut-doc-0.181.0-30.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-ScaleOut-0.181.0-30.1 SAPHanaSR-ScaleOut-doc-0.181.0-30.1 References: https://bugzilla.suse.com/1182774 https://bugzilla.suse.com/1189532 https://bugzilla.suse.com/1189533 https://bugzilla.suse.com/1189540 From sle-updates at lists.suse.com Wed Mar 16 08:23:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 09:23:12 +0100 (CET) Subject: SUSE-RU-2022:0866-1: important: Recommended update for SAPHanaSR-ScaleOut Message-ID: <20220316082312.DE81DF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR-ScaleOut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0866-1 Rating: important References: #1182774 #1189540 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SAPHanaSR-ScaleOut fixes the following issues: - Add dedicated logging of HANA_CALL problems. It is now possible to identify if the called `hana` command or the needed `su` command throws the error, and for further hints it logs the stderr output. Additionally it is possible to get regular log messages for the used commands, their return code and their stderr output by enabling the 'debug' mode of the resource agents. (bsc#1182774) - Add switch 'cib_access' to the SAPHanaSrMultiTarget hook to give control over the hook runtime. Default is 'all-on' which means there are 3 cib calls performed inside the hook script. Changing the value of 'cib_access' inside the global.ini file to 'site-on' to perform the absolute minimum cib calls (only one) (bsc#1189540) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-866=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-866=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-866=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): SAPHanaSR-ScaleOut-0.181.0-3.26.1 SAPHanaSR-ScaleOut-doc-0.181.0-3.26.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): SAPHanaSR-ScaleOut-0.181.0-3.26.1 SAPHanaSR-ScaleOut-doc-0.181.0-3.26.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): SAPHanaSR-ScaleOut-0.181.0-3.26.1 SAPHanaSR-ScaleOut-doc-0.181.0-3.26.1 References: https://bugzilla.suse.com/1182774 https://bugzilla.suse.com/1189540 From sle-updates at lists.suse.com Wed Mar 16 08:24:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 09:24:28 +0100 (CET) Subject: SUSE-RU-2022:0865-1: important: Recommended update for SAPHanaSR Message-ID: <20220316082428.ECEF7F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0865-1 Rating: important References: #1174557 #1181765 #1182201 #1182545 #1182774 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for SAPHanaSR fixes the following issues: - The resource start and stop timeout is now configurable by increasing the timeout for the action 'start' and/or 'stop'. 95% of this action timeouts will be used to calculate the new resource start and stop timeout for the 'WaitforStarted' and 'WaitforStopped' functions. If the new, calculated timeout value is less than '3600', it will be set to '3600', so that we do not decrease this timeout by accident. (bsc#1182545) - Change promotion scoring during maintenance procedure to prevent that both sides have an equal promotion scoring after refresh which might result in a critical promotion of the secondary. (bsc#1174557) - Update of man page SAPHanaSR.py.7 - correct the supported HANA version. (bsc#1182201) - If the $hdbState command fails to retrieve the current state of the System Replication, the resource agent now uses the system_replication/actual_mode attribute (if available) from the global.ini file as a fallback. This should prevent some confusing and misleading log messages during a takeover and solves the problem of a not working takeover back (after a successful first takeover). (bsc#1181765) - Add dedicated logging of HANA_CALL problems. It is now possible to identify if the called `hana` command or the needed `su` command throws the error and for further hints it logs the stderr output. Additionally it is possible to get regular log messages for the used commands, their return code and their stderr output by enabling the 'debug' mode of the resource agents. (bsc#1182774) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-865=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-865=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-865=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): SAPHanaSR-0.155.0-3.17.3 SAPHanaSR-doc-0.155.0-3.17.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): SAPHanaSR-0.155.0-3.17.3 SAPHanaSR-doc-0.155.0-3.17.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): SAPHanaSR-0.155.0-3.17.3 SAPHanaSR-doc-0.155.0-3.17.3 References: https://bugzilla.suse.com/1174557 https://bugzilla.suse.com/1181765 https://bugzilla.suse.com/1182201 https://bugzilla.suse.com/1182545 https://bugzilla.suse.com/1182774 From sle-updates at lists.suse.com Wed Mar 16 08:25:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 09:25:58 +0100 (CET) Subject: SUSE-RU-2022:0863-1: important: Recommended update for sapstartsrv-resource-agents Message-ID: <20220316082558.32D7CF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapstartsrv-resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0863-1 Rating: important References: #1189529 #1193568 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sapstartsrv-resource-agents fixes the following issues: - Add systemd support for the resource agent to interact with the new SAP unit files for sapstartsrv. As the new version of the SAP Startup Framework uses systemd unit files to control the sapstartsrv process instead of the previous used SysV init script, handling of sapstartsrv inside the resource agents is adapted to support both ways (bsc#1189529) - Prevent false posivite with pgrep in function '_get_status' (bsc#1193568) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-863=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-863=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-863=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-863=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-863=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): sapstartsrv-resource-agents-0.9.0+git.1645795466.55a8cca-1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): sapstartsrv-resource-agents-0.9.0+git.1645795466.55a8cca-1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): sapstartsrv-resource-agents-0.9.0+git.1645795466.55a8cca-1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): sapstartsrv-resource-agents-0.9.0+git.1645795466.55a8cca-1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): sapstartsrv-resource-agents-0.9.0+git.1645795466.55a8cca-1.12.1 References: https://bugzilla.suse.com/1189529 https://bugzilla.suse.com/1193568 From sle-updates at lists.suse.com Wed Mar 16 11:18:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 12:18:38 +0100 (CET) Subject: SUSE-RU-2022:0869-1: moderate: Recommended update for s390-tools Message-ID: <20220316111838.12D7BF37B@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0869-1 Rating: moderate References: #1196439 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Fix ziomon throughput calculation. Use time interval, during which read and write requests were started and finished, for calculation of throughput of zfcp adapter instead of d2c time of read and write requests (bsc#1196439) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-869=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-869=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): libekmfweb1-2.15.1-150300.8.17.1 libekmfweb1-debuginfo-2.15.1-150300.8.17.1 libekmfweb1-devel-2.15.1-150300.8.17.1 osasnmpd-2.15.1-150300.8.17.1 osasnmpd-debuginfo-2.15.1-150300.8.17.1 s390-tools-2.15.1-150300.8.17.1 s390-tools-debuginfo-2.15.1-150300.8.17.1 s390-tools-debugsource-2.15.1-150300.8.17.1 s390-tools-hmcdrvfs-2.15.1-150300.8.17.1 s390-tools-hmcdrvfs-debuginfo-2.15.1-150300.8.17.1 s390-tools-zdsfs-2.15.1-150300.8.17.1 s390-tools-zdsfs-debuginfo-2.15.1-150300.8.17.1 - SUSE Linux Enterprise Micro 5.1 (s390x): libekmfweb1-2.15.1-150300.8.17.1 libekmfweb1-debuginfo-2.15.1-150300.8.17.1 s390-tools-2.15.1-150300.8.17.1 s390-tools-debuginfo-2.15.1-150300.8.17.1 s390-tools-debugsource-2.15.1-150300.8.17.1 References: https://bugzilla.suse.com/1196439 From sle-updates at lists.suse.com Wed Mar 16 11:20:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 12:20:49 +0100 (CET) Subject: SUSE-RU-2022:0867-1: moderate: Recommended update for libtirpc Message-ID: <20220316112049.C0761F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0867-1 Rating: moderate References: #1193805 Affected Products: SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-867=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-867=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libtirpc-debugsource-1.0.2-3.11.1 libtirpc-devel-1.0.2-3.11.1 libtirpc-netconfig-1.0.2-3.11.1 libtirpc3-1.0.2-3.11.1 libtirpc3-32bit-1.0.2-3.11.1 libtirpc3-32bit-debuginfo-1.0.2-3.11.1 libtirpc3-debuginfo-1.0.2-3.11.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libtirpc-debugsource-1.0.2-3.11.1 libtirpc-netconfig-1.0.2-3.11.1 libtirpc3-1.0.2-3.11.1 libtirpc3-debuginfo-1.0.2-3.11.1 References: https://bugzilla.suse.com/1193805 From sle-updates at lists.suse.com Wed Mar 16 11:21:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 12:21:52 +0100 (CET) Subject: SUSE-FU-2022:0868-1: moderate: Feature update for tcl and tk Message-ID: <20220316112152.6DE60F37A@maintenance.suse.de> SUSE Feature Update: Feature update for tcl and tk ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0868-1 Rating: moderate References: #1138797 #1185662 #1195257 #903017 SLE-21016 SLE-23284 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves one vulnerability, contains two features and has three fixes is now available. Description: This feature update for tcl and tk fixes the following issues: Update tcl and tk to version 8.6.12 (jsc#SLE-21016, jsc#SLE-23284): - Move tcl.macros to /usr/lib/rpm/macros.d (bsc#1185662) - Use FAT LTO objects in order to provide proper static library (bsc#1138797) - Fix a bug in itcl that was affecting iwidgets (bsc#903017) - Add [combobox current] support "end" index - Add fixes in [text] bindings - Add missing "deferred clear code" support to GIF photo images - Add new virtual event <> - Add new keycodes: CodeInput, SingleCandidate, MultipleCandidate, PreviousCandidate - Add new support for POSIX error: EILSEQ - Add new command [tcl::unsupported::corotype] - Add new command [tcl::unsupported::timerate] for performance testing - Add new option -state to [ttk::scale] - Add portable keycodes: OE, oe, Ydiaeresis - Add support for backrefs in [array names -regexp] - Add support for Unicode 14 - Disfavor Master/Slave terminology - Enhance [oo::object] to acquire or lose a class identity dynamically - Fix canvas rotated text overlap detection - Fix canvas closed polylines yo fully honor -joinstyle - Fix display of Long non-wrapped lines in text - Fix display treeview focus ring when -selectmode none - Fix focus events not to break entry validation - Fix [package prefer stable] failing case - Fix auto_path initialization by Safe Base interps - Fix bad interaction between grab and mouse pointer warp - Fix borderwidth calculations on menu items - Fix cascade tearoff menu redraw artifacts - Fix coords rounding when drawing canvas items - Fix corrupt result from [$c postscript] with -file or -channel - Fix errno management in socket full close - Fix failure when a [proc] argument name is computed, not literal - Fix focus on unmapped windows - Fix handling of duplicates in spinbox -values list - Fix incomplete read of multi-image GIF - Fix initialization order of static package in wish - Fix issue when trying to display angled text without Xft - Fix issue with font initialization when no font is installed - Fix problems with Noto Color Emoji font - Fix race conditions in [file delete] and [file mkdir] - Fix Std channel initialization for multi-thread operations - Fix tearoff menu redraw artifacts - Fix up arrow key in [text] to correctly move cursor to index 1.0 - Fix various cursor issues - Fix various encoding issues - Fix various fontchooser issues - Fix various issues causing crashes and hang in - Fix various memory issues - Fix various scrolling bugs and add improvements - Fix 32/64-bit confusion of FS DIR operations reported for AIX - Improve appearance of text selection in [*entry] widgets - Improve checkbutton handling of -selectcolor - Improve handling of resolution changes - Improve multi-thread safety when Xft is in use - Improve ttk high-contrast-mode support - Improve emoji support - Improve legacy support for [tk_setPalette] - Make combobox -postoffset option work with default style - Make spinbox use proper names in query of option database - Menu flaws when empty menubar clicked - New index argument in [$menubutton post x y index] - Preserve canvas tag list order during add/delete - Prevent cross-manager loops of geom management - Rewrite of zlib inflation for multi-stream and completeness - Run fileevents in proper thread after [thread::attach $channel] - Stop [unload] corruption of list of loaded packages - Stop app switching exposing withdrawn windows as zombies - Tk now denied access to PRIMARY selection from safe interps - TkpDrawAngledCharsInContext leaked a CGColor - Try to restore Tcl's [update] command when Tk is unloaded - Changed [info * methods] to include mixins - [package require] is now NR-enabled The following fixes might show some potential incompatibilities with existing software: - Revised [binary (en|de)code base64] for RFC compliance and roundtrip - Tcl_DStringAppendElement # quoting precision, dstring-2.13, dstring-3.10 - Extended [clock scan] ISO format and time zone support - Allow for select/copy from disabled text widget on all platforms - Revised case of [info loaded] module names - [info hostname] reports DNS name, not NetBIOS name - Force -eofchar \032 when evaluating library scripts - Revised error messages: "too few" => "not enough" - Performed rewrite of Tk event loop to prevent ring overflow - Refactored all MouseWheel bindings - Revised precision of ::scale widget tick mark values - Prevent transient window cycles (crashed on Aqua) - Builds no longer use -lieee - Quoting of command line arguments by [exec] on Windows revised. Prior quoting rules left holes where some values would not pass through, but could trigger substitutions or program execution. See https://core.tcl-lang.org/tcl/info/21b0629c81 - [lreplace] accepts all out-of-range index values Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-868=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-868=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): tk-debuginfo-8.6.12-150300.10.3.1 tk-debugsource-8.6.12-150300.10.3.1 tk-devel-8.6.12-150300.10.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tcl-8.6.12-150300.14.3.1 tcl-debuginfo-8.6.12-150300.14.3.1 tcl-debugsource-8.6.12-150300.14.3.1 tcl-devel-8.6.12-150300.14.3.1 tk-8.6.12-150300.10.3.1 tk-debuginfo-8.6.12-150300.10.3.1 tk-debugsource-8.6.12-150300.10.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): tcl-32bit-8.6.12-150300.14.3.1 tcl-32bit-debuginfo-8.6.12-150300.14.3.1 tk-32bit-8.6.12-150300.10.3.1 tk-32bit-debuginfo-8.6.12-150300.10.3.1 References: https://www.suse.com/security/cve/CVE-2021-35331.html https://bugzilla.suse.com/1138797 https://bugzilla.suse.com/1185662 https://bugzilla.suse.com/1195257 https://bugzilla.suse.com/903017 From sle-updates at lists.suse.com Wed Mar 16 14:17:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 15:17:43 +0100 (CET) Subject: SUSE-RU-2022:0876-1: moderate: Recommended update for xorg-x11-server Message-ID: <20220316141743.99E52F37D@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0876-1 Rating: moderate References: #1188970 #1196577 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xorg-x11-server fixes the following issue: - Fix segmentation fault during terminal switches with multiple attached displays. (bsc#1188970) - Fix a regression that may cause gdm/lightdm fail to start. (bsc#1196577) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-876=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-876=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-876=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-876=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.47.1 xorg-x11-server-debugsource-1.20.3-22.5.47.1 xorg-x11-server-wayland-1.20.3-22.5.47.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.47.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): xorg-x11-server-1.20.3-22.5.47.1 xorg-x11-server-debuginfo-1.20.3-22.5.47.1 xorg-x11-server-debugsource-1.20.3-22.5.47.1 xorg-x11-server-extra-1.20.3-22.5.47.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.47.1 xorg-x11-server-sdk-1.20.3-22.5.47.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.47.1 xorg-x11-server-debugsource-1.20.3-22.5.47.1 xorg-x11-server-sdk-1.20.3-22.5.47.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.47.1 xorg-x11-server-debuginfo-1.20.3-22.5.47.1 xorg-x11-server-debugsource-1.20.3-22.5.47.1 xorg-x11-server-extra-1.20.3-22.5.47.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.47.1 References: https://bugzilla.suse.com/1188970 https://bugzilla.suse.com/1196577 From sle-updates at lists.suse.com Wed Mar 16 14:20:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 15:20:45 +0100 (CET) Subject: SUSE-SU-2022:0871-1: important: Security update for java-1_8_0-openjdk Message-ID: <20220316142045.05B84F37D@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0871-1 Rating: important References: #1193314 #1193444 #1193491 #1194926 #1194928 #1194929 #1194931 #1194932 #1194933 #1194934 #1194935 #1194937 #1194939 #1194940 #1194941 #1195163 Cross-References: CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVSS scores: CVE-2022-21248 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21248 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21282 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21282 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21283 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21283 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21293 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21293 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21294 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21294 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21296 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21299 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21305 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21305 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21340 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21340 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21341 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21341 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21349 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21349 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21360 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21360 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21365 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21365 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has three fixes is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u322 (icedtea-3.22.0) Including the following security fixes: - CVE-2022-21248, bsc#1194926: Enhance cross VM serialization - CVE-2022-21283, bsc#1194937: Better String matching - CVE-2022-21293, bsc#1194935: Improve String constructions - CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps - CVE-2022-21282, bsc#1194933: Better resolution of URIs - CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management - CVE-2022-21299, bsc#1194931: Improved scanning of XML entities - CVE-2022-21305, bsc#1194939: Better array indexing - CVE-2022-21340, bsc#1194940: Verify Jar Verification - CVE-2022-21341, bsc#1194941: Improve serial forms for transport - CVE-2022-21349: Improve Solaris font rendering - CVE-2022-21360, bsc#1194929: Enhance BMP image support - CVE-2022-21365, bsc#1194928: Enhanced BMP processing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-871=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-871=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-871=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-871=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-871=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-871=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-871=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-871=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-871=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-871=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-871=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-871=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 - HPE Helion Openstack 8 (x86_64): java-1_8_0-openjdk-1.8.0.322-27.72.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-debugsource-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-1.8.0.322-27.72.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-1.8.0.322-27.72.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-1.8.0.322-27.72.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-27.72.2 References: https://www.suse.com/security/cve/CVE-2022-21248.html https://www.suse.com/security/cve/CVE-2022-21282.html https://www.suse.com/security/cve/CVE-2022-21283.html https://www.suse.com/security/cve/CVE-2022-21293.html https://www.suse.com/security/cve/CVE-2022-21294.html https://www.suse.com/security/cve/CVE-2022-21296.html https://www.suse.com/security/cve/CVE-2022-21299.html https://www.suse.com/security/cve/CVE-2022-21305.html https://www.suse.com/security/cve/CVE-2022-21340.html https://www.suse.com/security/cve/CVE-2022-21341.html https://www.suse.com/security/cve/CVE-2022-21349.html https://www.suse.com/security/cve/CVE-2022-21360.html https://www.suse.com/security/cve/CVE-2022-21365.html https://bugzilla.suse.com/1193314 https://bugzilla.suse.com/1193444 https://bugzilla.suse.com/1193491 https://bugzilla.suse.com/1194926 https://bugzilla.suse.com/1194928 https://bugzilla.suse.com/1194929 https://bugzilla.suse.com/1194931 https://bugzilla.suse.com/1194932 https://bugzilla.suse.com/1194933 https://bugzilla.suse.com/1194934 https://bugzilla.suse.com/1194935 https://bugzilla.suse.com/1194937 https://bugzilla.suse.com/1194939 https://bugzilla.suse.com/1194940 https://bugzilla.suse.com/1194941 https://bugzilla.suse.com/1195163 From sle-updates at lists.suse.com Wed Mar 16 14:23:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 15:23:30 +0100 (CET) Subject: SUSE-RU-2022:0875-1: moderate: Recommended update for nfs-utils Message-ID: <20220316142330.3C893F37D@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0875-1 Rating: moderate References: #1194661 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfs-utils fixes the following issues: - Improved error or warning messages handling to correct mountd faulty behaviour. (bsc#1194661) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-875=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-875=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-875=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-875=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nfs-client-2.1.1-6.17.1 nfs-client-debuginfo-2.1.1-6.17.1 nfs-doc-2.1.1-6.17.1 nfs-kernel-server-2.1.1-6.17.1 nfs-kernel-server-debuginfo-2.1.1-6.17.1 nfs-utils-debuginfo-2.1.1-6.17.1 nfs-utils-debugsource-2.1.1-6.17.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nfs-client-2.1.1-6.17.1 nfs-client-debuginfo-2.1.1-6.17.1 nfs-doc-2.1.1-6.17.1 nfs-kernel-server-2.1.1-6.17.1 nfs-kernel-server-debuginfo-2.1.1-6.17.1 nfs-utils-debuginfo-2.1.1-6.17.1 nfs-utils-debugsource-2.1.1-6.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nfs-client-2.1.1-6.17.1 nfs-client-debuginfo-2.1.1-6.17.1 nfs-doc-2.1.1-6.17.1 nfs-kernel-server-2.1.1-6.17.1 nfs-kernel-server-debuginfo-2.1.1-6.17.1 nfs-utils-debuginfo-2.1.1-6.17.1 nfs-utils-debugsource-2.1.1-6.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nfs-client-2.1.1-6.17.1 nfs-client-debuginfo-2.1.1-6.17.1 nfs-doc-2.1.1-6.17.1 nfs-kernel-server-2.1.1-6.17.1 nfs-kernel-server-debuginfo-2.1.1-6.17.1 nfs-utils-debuginfo-2.1.1-6.17.1 nfs-utils-debugsource-2.1.1-6.17.1 References: https://bugzilla.suse.com/1194661 From sle-updates at lists.suse.com Wed Mar 16 14:25:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 15:25:07 +0100 (CET) Subject: SUSE-RU-2022:0874-1: moderate: Recommended update for openldap2 Message-ID: <20220316142507.BDF94F37D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0874-1 Rating: moderate References: #1197004 PM-3288 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-874=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-874=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-874=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-874=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-874=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-874=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-874=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-874=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libldap-2_4-2-2.4.46-9.64.1 libldap-2_4-2-32bit-2.4.46-9.64.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.64.1 libldap-2_4-2-debuginfo-2.4.46-9.64.1 openldap2-client-2.4.46-9.64.1 openldap2-client-debuginfo-2.4.46-9.64.1 openldap2-debugsource-2.4.46-9.64.1 openldap2-devel-2.4.46-9.64.1 openldap2-devel-32bit-2.4.46-9.64.1 openldap2-devel-static-2.4.46-9.64.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): libldap-data-2.4.46-9.64.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.64.1 openldap2-back-meta-2.4.46-9.64.1 openldap2-back-meta-debuginfo-2.4.46-9.64.1 openldap2-back-perl-2.4.46-9.64.1 openldap2-back-perl-debuginfo-2.4.46-9.64.1 openldap2-contrib-2.4.46-9.64.1 openldap2-contrib-debuginfo-2.4.46-9.64.1 openldap2-debuginfo-2.4.46-9.64.1 openldap2-debugsource-2.4.46-9.64.1 openldap2-ppolicy-check-password-1.2-9.64.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.64.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): openldap2-debugsource-2.4.46-9.64.1 openldap2-devel-32bit-2.4.46-9.64.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): openldap2-debugsource-2.4.46-9.64.1 openldap2-devel-32bit-2.4.46-9.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.64.1 libldap-2_4-2-debuginfo-2.4.46-9.64.1 openldap2-client-2.4.46-9.64.1 openldap2-client-debuginfo-2.4.46-9.64.1 openldap2-debuginfo-2.4.46-9.64.1 openldap2-debugsource-2.4.46-9.64.1 openldap2-devel-2.4.46-9.64.1 openldap2-devel-static-2.4.46-9.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libldap-2_4-2-32bit-2.4.46-9.64.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): libldap-data-2.4.46-9.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.64.1 libldap-2_4-2-debuginfo-2.4.46-9.64.1 openldap2-client-2.4.46-9.64.1 openldap2-client-debuginfo-2.4.46-9.64.1 openldap2-debuginfo-2.4.46-9.64.1 openldap2-debugsource-2.4.46-9.64.1 openldap2-devel-2.4.46-9.64.1 openldap2-devel-static-2.4.46-9.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libldap-2_4-2-32bit-2.4.46-9.64.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libldap-data-2.4.46-9.64.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libldap-2_4-2-2.4.46-9.64.1 libldap-2_4-2-debuginfo-2.4.46-9.64.1 openldap2-debuginfo-2.4.46-9.64.1 openldap2-debugsource-2.4.46-9.64.1 - SUSE Linux Enterprise Micro 5.1 (noarch): libldap-data-2.4.46-9.64.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libldap-2_4-2-2.4.46-9.64.1 libldap-2_4-2-debuginfo-2.4.46-9.64.1 openldap2-debuginfo-2.4.46-9.64.1 openldap2-debugsource-2.4.46-9.64.1 - SUSE Linux Enterprise Micro 5.0 (noarch): libldap-data-2.4.46-9.64.1 References: https://bugzilla.suse.com/1197004 From sle-updates at lists.suse.com Wed Mar 16 14:26:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 15:26:32 +0100 (CET) Subject: SUSE-SU-2022:0873-1: important: Security update for java-1_8_0-openjdk Message-ID: <20220316142632.12E47F37D@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0873-1 Rating: important References: #1193314 #1193444 #1193491 #1194926 #1194928 #1194929 #1194931 #1194932 #1194933 #1194934 #1194935 #1194937 #1194939 #1194940 #1194941 #1195163 Cross-References: CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVSS scores: CVE-2022-21248 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21248 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21282 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21282 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21283 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21283 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21293 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21293 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21294 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21294 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21296 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21299 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21305 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21305 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21340 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21340 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21341 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21341 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21349 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21349 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21360 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21360 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21365 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21365 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has three fixes is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u322 (icedtea-3.22.0) Including the following security fixes: - CVE-2022-21248, bsc#1194926: Enhance cross VM serialization - CVE-2022-21283, bsc#1194937: Better String matching - CVE-2022-21293, bsc#1194935: Improve String constructions - CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps - CVE-2022-21282, bsc#1194933: Better resolution of URIs - CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management - CVE-2022-21299, bsc#1194931: Improved scanning of XML entities - CVE-2022-21305, bsc#1194939: Better array indexing - CVE-2022-21340, bsc#1194940: Verify Jar Verification - CVE-2022-21341, bsc#1194941: Improve serial forms for transport - CVE-2022-21349: Improve Solaris font rendering - CVE-2022-21360, bsc#1194929: Enhance BMP image support - CVE-2022-21365, bsc#1194928: Enhanced BMP processing Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-873=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-873=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-873=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-873=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-873=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-873=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-873=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-873=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-873=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-873=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-873=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-873=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-873=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-873=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Manager Proxy 4.1 (x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-openjdk-1.8.0.322-3.64.2 java-1_8_0-openjdk-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-debugsource-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-1.8.0.322-3.64.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-1.8.0.322-3.64.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-1.8.0.322-3.64.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.322-3.64.2 References: https://www.suse.com/security/cve/CVE-2022-21248.html https://www.suse.com/security/cve/CVE-2022-21282.html https://www.suse.com/security/cve/CVE-2022-21283.html https://www.suse.com/security/cve/CVE-2022-21293.html https://www.suse.com/security/cve/CVE-2022-21294.html https://www.suse.com/security/cve/CVE-2022-21296.html https://www.suse.com/security/cve/CVE-2022-21299.html https://www.suse.com/security/cve/CVE-2022-21305.html https://www.suse.com/security/cve/CVE-2022-21340.html https://www.suse.com/security/cve/CVE-2022-21341.html https://www.suse.com/security/cve/CVE-2022-21349.html https://www.suse.com/security/cve/CVE-2022-21360.html https://www.suse.com/security/cve/CVE-2022-21365.html https://bugzilla.suse.com/1193314 https://bugzilla.suse.com/1193444 https://bugzilla.suse.com/1193491 https://bugzilla.suse.com/1194926 https://bugzilla.suse.com/1194928 https://bugzilla.suse.com/1194929 https://bugzilla.suse.com/1194931 https://bugzilla.suse.com/1194932 https://bugzilla.suse.com/1194933 https://bugzilla.suse.com/1194934 https://bugzilla.suse.com/1194935 https://bugzilla.suse.com/1194937 https://bugzilla.suse.com/1194939 https://bugzilla.suse.com/1194940 https://bugzilla.suse.com/1194941 https://bugzilla.suse.com/1195163 From sle-updates at lists.suse.com Wed Mar 16 14:29:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 15:29:31 +0100 (CET) Subject: SUSE-SU-2022:0872-1: important: Security update for stunnel Message-ID: <20220316142931.36244F37D@maintenance.suse.de> SUSE Security Update: Security update for stunnel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0872-1 Rating: important References: #1181400 #1182529 SLE-20679 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be installed. Description: This update for stunnel fixes the following issues: Update to 5.62 including new features and bugfixes: * Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests (bsc#1182529). - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service (bsc#1181400). * New features - Added new "protocol = capwin" and "protocol = capwinctrl" configuration file options. - Added support for the new SSL_set_options() values. - Added a bash completion script. - New 'sessionResume' service-level option to allow or disallow session resumption - Download fresh ca-certs.pem for each new release. - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. - Client-side "protocol = ldap" support * Bugfixes - Fixed a transfer() loop bug. - Fixed reloading configuration with "systemctl reload stunnel.service". - Fixed incorrect messages logged for OpenSSL errors. - Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols. - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling. - Fixed engine initialization. - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. - Fix configuration reload when compression is used - Fix test suite fixed not to require external connectivity Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-872=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-872=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-872=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-872=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-872=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-872=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-872=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-872=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-872=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-872=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-872=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-872=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Manager Proxy 4.1 (x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): stunnel-5.62-3.14.1 stunnel-debuginfo-5.62-3.14.1 stunnel-debugsource-5.62-3.14.1 References: https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1182529 From sle-updates at lists.suse.com Wed Mar 16 17:17:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 18:17:09 +0100 (CET) Subject: SUSE-SU-2022:0881-1: Security update for atftp Message-ID: <20220316171709.117D9F37A@maintenance.suse.de> SUSE Security Update: Security update for atftp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0881-1 Rating: low References: #1195619 Cross-References: CVE-2021-46671 CVSS scores: CVE-2021-46671 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-46671 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for atftp fixes the following issues: - CVE-2021-46671: Fixed a potential information leak in atftpd (bsc#1195619). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-881=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): atftp-0.7.0-160.14.1 atftp-debuginfo-0.7.0-160.14.1 atftp-debugsource-0.7.0-160.14.1 References: https://www.suse.com/security/cve/CVE-2021-46671.html https://bugzilla.suse.com/1195619 From sle-updates at lists.suse.com Wed Mar 16 17:18:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 18:18:07 +0100 (CET) Subject: SUSE-SU-2022:0882-1: moderate: Security update for python3 Message-ID: <20220316171807.A38D4F37A@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0882-1 Rating: moderate References: #1194146 #1195396 Cross-References: CVE-2021-4189 CVE-2022-0391 CVSS scores: CVE-2021-4189 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-0391 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-0391 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python3 fixes the following issues: - CVE-2021-4189: Fixed default access from PASV response in the FTP client (bsc#1194146). - CVE-2022-0391: Fixed sanitizing of URLs containing ASCII newline and tabs in urlparse (bsc#1195396). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-882=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-882=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-882=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.10-25.85.1 python3-base-debugsource-3.4.10-25.85.1 python3-dbm-3.4.10-25.85.2 python3-dbm-debuginfo-3.4.10-25.85.2 python3-debuginfo-3.4.10-25.85.2 python3-debugsource-3.4.10-25.85.2 python3-devel-3.4.10-25.85.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.85.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.85.1 libpython3_4m1_0-debuginfo-3.4.10-25.85.1 python3-3.4.10-25.85.2 python3-base-3.4.10-25.85.1 python3-base-debuginfo-3.4.10-25.85.1 python3-base-debugsource-3.4.10-25.85.1 python3-curses-3.4.10-25.85.2 python3-curses-debuginfo-3.4.10-25.85.2 python3-debuginfo-3.4.10-25.85.2 python3-debugsource-3.4.10-25.85.2 python3-devel-3.4.10-25.85.1 python3-tk-3.4.10-25.85.2 python3-tk-debuginfo-3.4.10-25.85.2 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.85.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.10-25.85.1 libpython3_4m1_0-debuginfo-32bit-3.4.10-25.85.1 python3-base-debuginfo-32bit-3.4.10-25.85.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.85.1 libpython3_4m1_0-debuginfo-3.4.10-25.85.1 python3-3.4.10-25.85.2 python3-base-3.4.10-25.85.1 python3-base-debuginfo-3.4.10-25.85.1 python3-base-debugsource-3.4.10-25.85.1 python3-curses-3.4.10-25.85.2 python3-debuginfo-3.4.10-25.85.2 python3-debugsource-3.4.10-25.85.2 References: https://www.suse.com/security/cve/CVE-2021-4189.html https://www.suse.com/security/cve/CVE-2022-0391.html https://bugzilla.suse.com/1194146 https://bugzilla.suse.com/1195396 From sle-updates at lists.suse.com Wed Mar 16 20:16:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Mar 2022 21:16:28 +0100 (CET) Subject: SUSE-RU-2022:0883-1: moderate: Recommended update for patterns-sles Message-ID: <20220316201628.8832CF37B@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0883-1 Rating: moderate References: #1196307 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sles fixes the following issues: - In the FIPS pattern downgrade the requires of libopenssl-1_1-hmac to recommends to avoid explicit pulling in perhaps unneeded openssl 1.1.1 (bsc#1196307) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-883=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): patterns-sles-Basis-Devel-12-12.9.1 patterns-sles-Minimal-12-12.9.1 patterns-sles-WBEM-12-12.9.1 patterns-sles-apparmor-12-12.9.1 patterns-sles-base-12-12.9.1 patterns-sles-dhcp_dns_server-12-12.9.1 patterns-sles-directory_server-12-12.9.1 patterns-sles-documentation-12-12.9.1 patterns-sles-file_server-12-12.9.1 patterns-sles-fips-12-12.9.1 patterns-sles-gateway_server-12-12.9.1 patterns-sles-lamp_server-12-12.9.1 patterns-sles-mail_server-12-12.9.1 patterns-sles-ofed-12-12.9.1 patterns-sles-printing-12-12.9.1 patterns-sles-x11-12-12.9.1 patterns-sles-yast2-12-12.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): patterns-sles-kvm_server-12-12.9.1 patterns-sles-kvm_tools-12-12.9.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): patterns-sles-sap_server-12-12.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): patterns-sles-32bit-12-12.9.1 patterns-sles-Basis-Devel-32bit-12-12.9.1 patterns-sles-Minimal-32bit-12-12.9.1 patterns-sles-WBEM-32bit-12-12.9.1 patterns-sles-apparmor-32bit-12-12.9.1 patterns-sles-base-32bit-12-12.9.1 patterns-sles-dhcp_dns_server-32bit-12-12.9.1 patterns-sles-directory_server-32bit-12-12.9.1 patterns-sles-documentation-32bit-12-12.9.1 patterns-sles-file_server-32bit-12-12.9.1 patterns-sles-fips-32bit-12-12.9.1 patterns-sles-gateway_server-32bit-12-12.9.1 patterns-sles-kvm_server-32bit-12-12.9.1 patterns-sles-kvm_tools-32bit-12-12.9.1 patterns-sles-lamp_server-32bit-12-12.9.1 patterns-sles-laptop-32bit-12-12.9.1 patterns-sles-mail_server-32bit-12-12.9.1 patterns-sles-ofed-32bit-12-12.9.1 patterns-sles-oracle_server-12-12.9.1 patterns-sles-oracle_server-32bit-12-12.9.1 patterns-sles-printing-32bit-12-12.9.1 patterns-sles-sap_server-32bit-12-12.9.1 patterns-sles-x11-32bit-12-12.9.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): patterns-sles-laptop-12-12.9.1 patterns-sles-xen_server-12-12.9.1 patterns-sles-xen_server-32bit-12-12.9.1 patterns-sles-xen_tools-12-12.9.1 patterns-sles-xen_tools-32bit-12-12.9.1 patterns-sles-yast2-32bit-12-12.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): patterns-sles-hwcrypto-12-12.9.1 patterns-sles-hwcrypto-32bit-12-12.9.1 References: https://bugzilla.suse.com/1196307 From sle-updates at lists.suse.com Thu Mar 17 14:17:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 15:17:38 +0100 (CET) Subject: SUSE-OU-2022:0885-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220317141738.2A92EF37A@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:0885-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: freerdp, libgsm Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-885=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-885=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-885=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-885=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): freerdp-2.1.2-15.12.1 freerdp-debuginfo-2.1.2-15.12.1 freerdp-debugsource-2.1.2-15.12.1 freerdp-devel-2.1.2-15.12.1 freerdp-proxy-2.1.2-15.12.1 freerdp-proxy-debuginfo-2.1.2-15.12.1 libfreerdp2-2.1.2-15.12.1 libfreerdp2-debuginfo-2.1.2-15.12.1 libwinpr2-2.1.2-15.12.1 libwinpr2-debuginfo-2.1.2-15.12.1 winpr2-devel-2.1.2-15.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libgsm-debugsource-1.0.14-3.2.1 libgsm-devel-1.0.14-3.2.1 libgsm1-1.0.14-3.2.1 libgsm1-debuginfo-1.0.14-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): freerdp-2.1.2-15.12.1 freerdp-debuginfo-2.1.2-15.12.1 freerdp-debugsource-2.1.2-15.12.1 freerdp-devel-2.1.2-15.12.1 freerdp-proxy-2.1.2-15.12.1 freerdp-proxy-debuginfo-2.1.2-15.12.1 libfreerdp2-2.1.2-15.12.1 libfreerdp2-debuginfo-2.1.2-15.12.1 libgsm1-1.0.14-3.2.1 libwinpr2-2.1.2-15.12.1 libwinpr2-debuginfo-2.1.2-15.12.1 winpr2-devel-2.1.2-15.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libgsm-debugsource-1.0.14-3.2.1 libgsm1-32bit-1.0.14-3.2.1 libgsm1-32bit-debuginfo-1.0.14-3.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libgsm-debugsource-1.0.14-3.2.1 libgsm-devel-1.0.14-3.2.1 libgsm1-1.0.14-3.2.1 libgsm1-debuginfo-1.0.14-3.2.1 References: From sle-updates at lists.suse.com Thu Mar 17 14:19:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 15:19:09 +0100 (CET) Subject: SUSE-RU-2022:0884-1: moderate: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Message-ID: <20220317141909.47C76F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0884-1 Rating: moderate References: #1082318 SLE-18756 SLE-23374 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix and contains two features can now be installed. Description: This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-884=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-884=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-884=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-884=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-884=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-884=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-884=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): python-pyrsistent-debuginfo-0.14.4-3.2.1 python-pyrsistent-debugsource-0.14.4-3.2.1 python3-pyrsistent-0.14.4-3.2.1 python3-pyrsistent-debuginfo-0.14.4-3.2.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): python3-attrs-19.3.0-3.4.1 python3-jsonschema-3.2.0-9.3.1 python3-six-1.14.0-12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): python3-attrs-19.3.0-3.4.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-backports-4.0.0-3.2.1 python2-six-1.14.0-12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python2-pyrsistent-0.14.4-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-backports-4.0.0-3.2.1 python2-jsonschema-3.2.0-9.3.1 python2-six-1.14.0-12.1 python3-backports-4.0.0-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-pyrsistent-debuginfo-0.14.4-3.2.1 python-pyrsistent-debugsource-0.14.4-3.2.1 python3-pyrsistent-0.14.4-3.2.1 python3-pyrsistent-debuginfo-0.14.4-3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-attrs-19.3.0-3.4.1 python3-jsonschema-3.2.0-9.3.1 python3-six-1.14.0-12.1 - SUSE Linux Enterprise Micro 5.1 (noarch): python3-six-1.14.0-12.1 - SUSE Linux Enterprise Micro 5.0 (noarch): python3-six-1.14.0-12.1 References: https://bugzilla.suse.com/1082318 From sle-updates at lists.suse.com Thu Mar 17 14:20:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 15:20:17 +0100 (CET) Subject: SUSE-RU-2022:0892-1: Recommended update for libyui Message-ID: <20220317142017.839F7F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libyui ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0892-1 Rating: low References: #1195114 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libyui fixes the following issue: - Add package libyui-qt-pkg15 to Basesystem (bsc#1195114). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-892=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-892=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-892=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): libyui-ncurses-rest-api-debugsource-4.1.5-150300.3.8.6 libyui-ncurses-rest-api-devel-4.1.5-150300.3.8.6 libyui-ncurses-rest-api15-4.1.5-150300.3.8.6 libyui-ncurses-rest-api15-debuginfo-4.1.5-150300.3.8.6 libyui-qt-rest-api-debugsource-4.1.5-150300.3.8.6 libyui-qt-rest-api-devel-4.1.5-150300.3.8.6 libyui-qt-rest-api15-4.1.5-150300.3.8.6 libyui-qt-rest-api15-debuginfo-4.1.5-150300.3.8.6 libyui-rest-api-debugsource-4.1.5-150300.3.8.6 libyui-rest-api-devel-4.1.5-150300.3.8.6 libyui-rest-api15-4.1.5-150300.3.8.6 libyui-rest-api15-debuginfo-4.1.5-150300.3.8.6 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libyui-qt-pkg-debugsource-4.1.5-150300.3.8.1 libyui-qt-pkg-devel-4.1.5-150300.3.8.1 libyui-qt-pkg15-4.1.5-150300.3.8.1 libyui-qt-pkg15-debuginfo-4.1.5-150300.3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libyui-debugsource-4.1.5-150300.3.8.7 libyui-devel-4.1.5-150300.3.8.7 libyui-ncurses-debugsource-4.1.5-150300.3.8.7 libyui-ncurses-devel-4.1.5-150300.3.8.7 libyui-ncurses-pkg-debugsource-4.1.5-150300.3.8.1 libyui-ncurses-pkg-devel-4.1.5-150300.3.8.1 libyui-ncurses-pkg15-4.1.5-150300.3.8.1 libyui-ncurses-pkg15-debuginfo-4.1.5-150300.3.8.1 libyui-ncurses-tools-4.1.5-150300.3.8.7 libyui-ncurses15-4.1.5-150300.3.8.7 libyui-ncurses15-debuginfo-4.1.5-150300.3.8.7 libyui-qt-debugsource-4.1.5-150300.3.8.6 libyui-qt-devel-4.1.5-150300.3.8.6 libyui-qt-graph-debugsource-4.1.5-150300.3.8.6 libyui-qt-graph-devel-4.1.5-150300.3.8.6 libyui-qt-graph15-4.1.5-150300.3.8.6 libyui-qt-graph15-debuginfo-4.1.5-150300.3.8.6 libyui-qt-pkg15-4.1.5-150300.3.8.1 libyui-qt-pkg15-debuginfo-4.1.5-150300.3.8.1 libyui-qt15-4.1.5-150300.3.8.6 libyui-qt15-debuginfo-4.1.5-150300.3.8.6 libyui15-4.1.5-150300.3.8.7 libyui15-debuginfo-4.1.5-150300.3.8.7 References: https://bugzilla.suse.com/1195114 From sle-updates at lists.suse.com Thu Mar 17 14:21:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 15:21:19 +0100 (CET) Subject: SUSE-SU-2022:0886-1: moderate: Security update for libreoffice Message-ID: <20220317142119.7E070F37A@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0886-1 Rating: moderate References: #1196456 SLE-18214 Cross-References: CVE-2021-25636 CVSS scores: CVE-2021-25636 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-25636 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for libreoffice fixes the following issues: Update to version 7.2.5.1 (jsc#SLE-18214): - CVE-2021-25636: Fixed an incorrect vadidation of digitally signed documents (bsc#1196456). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-886=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-886=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libreoffice-7.2.5.1-150300.14.22.18.3 libreoffice-base-7.2.5.1-150300.14.22.18.3 libreoffice-base-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-base-drivers-postgresql-7.2.5.1-150300.14.22.18.3 libreoffice-base-drivers-postgresql-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-calc-7.2.5.1-150300.14.22.18.3 libreoffice-calc-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-calc-extensions-7.2.5.1-150300.14.22.18.3 libreoffice-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-debugsource-7.2.5.1-150300.14.22.18.3 libreoffice-draw-7.2.5.1-150300.14.22.18.3 libreoffice-draw-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-filters-optional-7.2.5.1-150300.14.22.18.3 libreoffice-gnome-7.2.5.1-150300.14.22.18.3 libreoffice-gnome-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-gtk3-7.2.5.1-150300.14.22.18.3 libreoffice-gtk3-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-impress-7.2.5.1-150300.14.22.18.3 libreoffice-impress-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-mailmerge-7.2.5.1-150300.14.22.18.3 libreoffice-math-7.2.5.1-150300.14.22.18.3 libreoffice-math-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-officebean-7.2.5.1-150300.14.22.18.3 libreoffice-officebean-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-pyuno-7.2.5.1-150300.14.22.18.3 libreoffice-pyuno-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-writer-7.2.5.1-150300.14.22.18.3 libreoffice-writer-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-writer-extensions-7.2.5.1-150300.14.22.18.3 libreofficekit-7.2.5.1-150300.14.22.18.3 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): libreoffice-branding-upstream-7.2.5.1-150300.14.22.18.3 libreoffice-icon-themes-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-af-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ar-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-as-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-bg-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-bn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-br-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ca-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ckb-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-cs-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-cy-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-da-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-de-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-dz-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-el-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-en-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-eo-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-es-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-et-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-eu-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-fa-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-fi-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-fr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-fur-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ga-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-gl-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-gu-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-he-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-hi-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-hr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-hu-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-it-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ja-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-kk-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-kn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ko-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-lt-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-lv-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-mai-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ml-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-mr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nb-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nl-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nso-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-or-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-pa-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-pl-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-pt_BR-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-pt_PT-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ro-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ru-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-si-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sk-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sl-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ss-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-st-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sv-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ta-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-te-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-th-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-tn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-tr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ts-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-uk-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ve-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-xh-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-zh_CN-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-zh_TW-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-zu-7.2.5.1-150300.14.22.18.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le): libreoffice-7.2.5.1-150300.14.22.18.3 libreoffice-base-7.2.5.1-150300.14.22.18.3 libreoffice-base-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-base-drivers-postgresql-7.2.5.1-150300.14.22.18.3 libreoffice-base-drivers-postgresql-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-calc-7.2.5.1-150300.14.22.18.3 libreoffice-calc-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-calc-extensions-7.2.5.1-150300.14.22.18.3 libreoffice-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-debugsource-7.2.5.1-150300.14.22.18.3 libreoffice-draw-7.2.5.1-150300.14.22.18.3 libreoffice-draw-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-filters-optional-7.2.5.1-150300.14.22.18.3 libreoffice-gnome-7.2.5.1-150300.14.22.18.3 libreoffice-gnome-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-gtk3-7.2.5.1-150300.14.22.18.3 libreoffice-gtk3-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-impress-7.2.5.1-150300.14.22.18.3 libreoffice-impress-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-librelogo-7.2.5.1-150300.14.22.18.3 libreoffice-mailmerge-7.2.5.1-150300.14.22.18.3 libreoffice-math-7.2.5.1-150300.14.22.18.3 libreoffice-math-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-officebean-7.2.5.1-150300.14.22.18.3 libreoffice-officebean-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-pyuno-7.2.5.1-150300.14.22.18.3 libreoffice-pyuno-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-qt5-7.2.5.1-150300.14.22.18.3 libreoffice-qt5-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-sdk-7.2.5.1-150300.14.22.18.3 libreoffice-sdk-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-sdk-doc-7.2.5.1-150300.14.22.18.3 libreoffice-writer-7.2.5.1-150300.14.22.18.3 libreoffice-writer-debuginfo-7.2.5.1-150300.14.22.18.3 libreoffice-writer-extensions-7.2.5.1-150300.14.22.18.3 libreofficekit-7.2.5.1-150300.14.22.18.3 libreofficekit-devel-7.2.5.1-150300.14.22.18.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): libreoffice-branding-upstream-7.2.5.1-150300.14.22.18.3 libreoffice-gdb-pretty-printers-7.2.5.1-150300.14.22.18.3 libreoffice-glade-7.2.5.1-150300.14.22.18.3 libreoffice-icon-themes-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-af-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-am-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ar-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-as-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ast-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-be-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-bg-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-bn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-bn_IN-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-bo-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-br-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-brx-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-bs-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ca-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ca_valencia-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ckb-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-cs-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-cy-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-da-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-de-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-dgo-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-dsb-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-dz-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-el-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-en-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-en_GB-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-en_ZA-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-eo-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-es-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-et-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-eu-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-fa-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-fi-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-fr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-fur-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-fy-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ga-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-gd-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-gl-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-gu-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-gug-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-he-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-hi-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-hr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-hsb-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-hu-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-id-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-is-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-it-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ja-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ka-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-kab-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-kk-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-km-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-kmr_Latn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-kn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ko-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-kok-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ks-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-lb-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-lo-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-lt-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-lv-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-mai-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-mk-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ml-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-mn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-mni-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-mr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-my-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nb-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ne-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nl-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-nso-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-oc-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-om-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-or-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-pa-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-pl-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-pt_BR-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-pt_PT-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ro-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ru-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-rw-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sa_IN-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sat-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sd-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-si-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sid-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sk-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sl-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sq-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ss-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-st-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sv-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-sw_TZ-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-szl-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ta-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-te-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-tg-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-th-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-tn-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-tr-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ts-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-tt-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ug-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-uk-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-uz-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-ve-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-vec-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-vi-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-xh-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-zh_CN-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-zh_TW-7.2.5.1-150300.14.22.18.3 libreoffice-l10n-zu-7.2.5.1-150300.14.22.18.3 References: https://www.suse.com/security/cve/CVE-2021-25636.html https://bugzilla.suse.com/1196456 From sle-updates at lists.suse.com Thu Mar 17 14:22:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 15:22:43 +0100 (CET) Subject: SUSE-RU-2022:0889-1: moderate: Recommended update for postgresql10 Message-ID: <20220317142243.D8B73F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0889-1 Rating: moderate References: #1190740 #1195680 Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql10 fixes the following issues: Upgrade to version 10.20 (bsc#1195680): - Reindexing might be needed after applying this upgrade, so please read the release notes carefully https://www.postgresql.org/docs/10/release-10-20.html - Add constraints file with 12GB of memory for s390x as a workaround (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-889=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-889=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): postgresql10-10.20-8.44.1 postgresql10-contrib-10.20-8.44.1 postgresql10-contrib-debuginfo-10.20-8.44.1 postgresql10-debuginfo-10.20-8.44.1 postgresql10-debugsource-10.20-8.44.1 postgresql10-devel-10.20-8.44.1 postgresql10-devel-debuginfo-10.20-8.44.1 postgresql10-plperl-10.20-8.44.1 postgresql10-plperl-debuginfo-10.20-8.44.1 postgresql10-plpython-10.20-8.44.1 postgresql10-plpython-debuginfo-10.20-8.44.1 postgresql10-pltcl-10.20-8.44.1 postgresql10-pltcl-debuginfo-10.20-8.44.1 postgresql10-server-10.20-8.44.1 postgresql10-server-debuginfo-10.20-8.44.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): postgresql10-docs-10.20-8.44.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql10-10.20-8.44.1 postgresql10-contrib-10.20-8.44.1 postgresql10-contrib-debuginfo-10.20-8.44.1 postgresql10-debuginfo-10.20-8.44.1 postgresql10-debugsource-10.20-8.44.1 postgresql10-devel-10.20-8.44.1 postgresql10-devel-debuginfo-10.20-8.44.1 postgresql10-plperl-10.20-8.44.1 postgresql10-plperl-debuginfo-10.20-8.44.1 postgresql10-plpython-10.20-8.44.1 postgresql10-plpython-debuginfo-10.20-8.44.1 postgresql10-pltcl-10.20-8.44.1 postgresql10-pltcl-debuginfo-10.20-8.44.1 postgresql10-server-10.20-8.44.1 postgresql10-server-debuginfo-10.20-8.44.1 References: https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Thu Mar 17 14:24:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 15:24:32 +0100 (CET) Subject: SUSE-RU-2022:0887-1: moderate: Recommended update for s390-tools Message-ID: <20220317142432.78C4BF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0887-1 Rating: moderate References: #1196445 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Fix ziomon throughput calculation. Use time interval, during which read and write requests were started and finished, for calculation of throughput of zfcp adapter instead of d2c time of read and write requests (bsc#1196439) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-887=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (s390x): osasnmpd-2.1.0-18.38.1 osasnmpd-debuginfo-2.1.0-18.38.1 s390-tools-2.1.0-18.38.1 s390-tools-debuginfo-2.1.0-18.38.1 s390-tools-debugsource-2.1.0-18.38.1 s390-tools-hmcdrvfs-2.1.0-18.38.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-18.38.1 s390-tools-zdsfs-2.1.0-18.38.1 s390-tools-zdsfs-debuginfo-2.1.0-18.38.1 References: https://bugzilla.suse.com/1196445 From sle-updates at lists.suse.com Thu Mar 17 14:25:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 15:25:33 +0100 (CET) Subject: SUSE-RU-2022:0891-1: moderate: Recommended update for libtirpc Message-ID: <20220317142533.D15E6F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0891-1 Rating: moderate References: #1193805 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtirpc fixes the following issue: - fix memory leak in client protocol version 2 (bsc#1193805). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-891=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-891=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.16.1 libtirpc-devel-1.0.1-17.16.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.16.1 libtirpc-netconfig-1.0.1-17.16.1 libtirpc3-1.0.1-17.16.1 libtirpc3-debuginfo-1.0.1-17.16.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libtirpc3-32bit-1.0.1-17.16.1 libtirpc3-debuginfo-32bit-1.0.1-17.16.1 References: https://bugzilla.suse.com/1193805 From sle-updates at lists.suse.com Thu Mar 17 14:26:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 15:26:35 +0100 (CET) Subject: SUSE-RU-2022:0890-1: moderate: Recommended update for src_vipa Message-ID: <20220317142635.CBDDBF37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for src_vipa ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0890-1 Rating: moderate References: #1141887 #1142048 #1192860 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for src_vipa fixes the following issues: - Fix crashes on IPv6 addresses due to one line of code assuming IPv4 address size (bsc#1141887, bsc#1142048, bsc#1192860) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-890=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): src_vipa-2.1.0-3.3.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): src_vipa-debuginfo-2.1.0-3.3.1 References: https://bugzilla.suse.com/1141887 https://bugzilla.suse.com/1142048 https://bugzilla.suse.com/1192860 From sle-updates at lists.suse.com Thu Mar 17 14:28:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 15:28:53 +0100 (CET) Subject: SUSE-RU-2022:0888-1: moderate: Recommended update for avahi Message-ID: <20220317142853.9EA94F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0888-1 Rating: moderate References: #1179060 #1194561 #1195614 #1196282 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-888=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-888=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-888=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-888=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): avahi-0.7-3.18.1 avahi-32bit-debuginfo-0.7-3.18.1 avahi-autoipd-0.7-3.18.1 avahi-autoipd-debuginfo-0.7-3.18.1 avahi-compat-howl-devel-0.7-3.18.1 avahi-compat-mDNSResponder-devel-0.7-3.18.1 avahi-debuginfo-0.7-3.18.1 avahi-debugsource-0.7-3.18.1 avahi-glib2-debugsource-0.7-3.18.1 avahi-utils-0.7-3.18.1 avahi-utils-debuginfo-0.7-3.18.1 avahi-utils-gtk-0.7-3.18.1 avahi-utils-gtk-debuginfo-0.7-3.18.1 libavahi-client3-0.7-3.18.1 libavahi-client3-32bit-0.7-3.18.1 libavahi-client3-32bit-debuginfo-0.7-3.18.1 libavahi-client3-debuginfo-0.7-3.18.1 libavahi-common3-0.7-3.18.1 libavahi-common3-32bit-0.7-3.18.1 libavahi-common3-32bit-debuginfo-0.7-3.18.1 libavahi-common3-debuginfo-0.7-3.18.1 libavahi-core7-0.7-3.18.1 libavahi-core7-debuginfo-0.7-3.18.1 libavahi-devel-0.7-3.18.1 libavahi-glib-devel-0.7-3.18.1 libavahi-glib1-0.7-3.18.1 libavahi-glib1-debuginfo-0.7-3.18.1 libavahi-gobject-devel-0.7-3.18.1 libavahi-gobject0-0.7-3.18.1 libavahi-gobject0-debuginfo-0.7-3.18.1 libavahi-ui-gtk3-0-0.7-3.18.1 libavahi-ui-gtk3-0-debuginfo-0.7-3.18.1 libavahi-ui0-0.7-3.18.1 libavahi-ui0-debuginfo-0.7-3.18.1 libdns_sd-0.7-3.18.1 libdns_sd-debuginfo-0.7-3.18.1 libhowl0-0.7-3.18.1 libhowl0-debuginfo-0.7-3.18.1 typelib-1_0-Avahi-0_6-0.7-3.18.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): avahi-lang-0.7-3.18.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.7-3.18.1 avahi-debugsource-0.7-3.18.1 python3-avahi-0.7-3.18.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.7-3.18.1 avahi-autoipd-debuginfo-0.7-3.18.1 avahi-debuginfo-0.7-3.18.1 avahi-debugsource-0.7-3.18.1 avahi-glib2-debugsource-0.7-3.18.1 avahi-utils-gtk-0.7-3.18.1 avahi-utils-gtk-debuginfo-0.7-3.18.1 libavahi-gobject-devel-0.7-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): avahi-0.7-3.18.1 avahi-compat-howl-devel-0.7-3.18.1 avahi-compat-mDNSResponder-devel-0.7-3.18.1 avahi-debuginfo-0.7-3.18.1 avahi-debugsource-0.7-3.18.1 avahi-glib2-debugsource-0.7-3.18.1 avahi-utils-0.7-3.18.1 avahi-utils-debuginfo-0.7-3.18.1 libavahi-client3-0.7-3.18.1 libavahi-client3-debuginfo-0.7-3.18.1 libavahi-common3-0.7-3.18.1 libavahi-common3-debuginfo-0.7-3.18.1 libavahi-core7-0.7-3.18.1 libavahi-core7-debuginfo-0.7-3.18.1 libavahi-devel-0.7-3.18.1 libavahi-glib-devel-0.7-3.18.1 libavahi-glib1-0.7-3.18.1 libavahi-glib1-debuginfo-0.7-3.18.1 libavahi-gobject0-0.7-3.18.1 libavahi-gobject0-debuginfo-0.7-3.18.1 libavahi-ui-gtk3-0-0.7-3.18.1 libavahi-ui-gtk3-0-debuginfo-0.7-3.18.1 libavahi-ui0-0.7-3.18.1 libavahi-ui0-debuginfo-0.7-3.18.1 libdns_sd-0.7-3.18.1 libdns_sd-debuginfo-0.7-3.18.1 libhowl0-0.7-3.18.1 libhowl0-debuginfo-0.7-3.18.1 typelib-1_0-Avahi-0_6-0.7-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): avahi-32bit-debuginfo-0.7-3.18.1 libavahi-client3-32bit-0.7-3.18.1 libavahi-client3-32bit-debuginfo-0.7-3.18.1 libavahi-common3-32bit-0.7-3.18.1 libavahi-common3-32bit-debuginfo-0.7-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): avahi-lang-0.7-3.18.1 References: https://bugzilla.suse.com/1179060 https://bugzilla.suse.com/1194561 https://bugzilla.suse.com/1195614 https://bugzilla.suse.com/1196282 From sle-updates at lists.suse.com Thu Mar 17 17:03:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 18:03:21 +0100 (CET) Subject: SUSE-CU-2022:277-1: Security update of suse/sles12sp3 Message-ID: <20220317170321.2EB99F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:277-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.364 , suse/sles12sp3:latest Container Release : 24.364 Severity : important Type : security References : 1196025 1196784 1196877 CVE-2022-0778 CVE-2022-25236 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:842-1 Released: Tue Mar 15 11:32:49 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:854-1 Released: Tue Mar 15 19:28:11 2022 Summary: Security update for openssl Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). The following package changes have been done: - libopenssl1_0_0-1.0.2j-60.75.1 updated - expat-2.1.0-21.22.1 updated - openssl-1.0.2j-60.75.1 updated - libexpat1-2.1.0-21.22.1 updated From sle-updates at lists.suse.com Thu Mar 17 17:16:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 18:16:47 +0100 (CET) Subject: SUSE-RU-2022:0893-1: moderate: Recommended update for postgresql13 Message-ID: <20220317171647.52A34F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0893-1 Rating: moderate References: #1190740 #1195680 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql13 fixes the following issues: - Upgrade to 13.6: (bsc#1195680) * https://www.postgresql.org/docs/13/release-13-6.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-893=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-893=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-893=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-893=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): postgresql13-docs-13.6-5.25.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): postgresql13-13.6-5.25.1 postgresql13-contrib-13.6-5.25.1 postgresql13-contrib-debuginfo-13.6-5.25.1 postgresql13-debuginfo-13.6-5.25.1 postgresql13-debugsource-13.6-5.25.1 postgresql13-devel-13.6-5.25.1 postgresql13-devel-debuginfo-13.6-5.25.1 postgresql13-plperl-13.6-5.25.1 postgresql13-plperl-debuginfo-13.6-5.25.1 postgresql13-plpython-13.6-5.25.1 postgresql13-plpython-debuginfo-13.6-5.25.1 postgresql13-pltcl-13.6-5.25.1 postgresql13-pltcl-debuginfo-13.6-5.25.1 postgresql13-server-13.6-5.25.1 postgresql13-server-debuginfo-13.6-5.25.1 postgresql13-server-devel-13.6-5.25.1 postgresql13-server-devel-debuginfo-13.6-5.25.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql13-contrib-13.6-5.25.1 postgresql13-contrib-debuginfo-13.6-5.25.1 postgresql13-debuginfo-13.6-5.25.1 postgresql13-debugsource-13.6-5.25.1 postgresql13-devel-13.6-5.25.1 postgresql13-devel-debuginfo-13.6-5.25.1 postgresql13-plperl-13.6-5.25.1 postgresql13-plperl-debuginfo-13.6-5.25.1 postgresql13-plpython-13.6-5.25.1 postgresql13-plpython-debuginfo-13.6-5.25.1 postgresql13-pltcl-13.6-5.25.1 postgresql13-pltcl-debuginfo-13.6-5.25.1 postgresql13-server-13.6-5.25.1 postgresql13-server-debuginfo-13.6-5.25.1 postgresql13-server-devel-13.6-5.25.1 postgresql13-server-devel-debuginfo-13.6-5.25.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): postgresql13-docs-13.6-5.25.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql13-llvmjit-13.6-5.25.1 postgresql13-llvmjit-debuginfo-13.6-5.25.1 postgresql13-test-13.6-5.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql13-13.6-5.25.1 postgresql13-debuginfo-13.6-5.25.1 postgresql13-debugsource-13.6-5.25.1 References: https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Thu Mar 17 17:22:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 18:22:28 +0100 (CET) Subject: SUSE-CU-2022:279-1: Security update of suse/sles12sp4 Message-ID: <20220317172228.13A19F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:279-1 Container Tags : suse/sles12sp4:26.424 , suse/sles12sp4:latest Container Release : 26.424 Severity : important Type : security References : 1196025 1196249 1196784 1196877 CVE-2022-0778 CVE-2022-25236 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:842-1 Released: Tue Mar 15 11:32:49 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:857-1 Released: Tue Mar 15 19:33:24 2022 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1196249,1196877,CVE-2022-0778 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249). The following package changes have been done: - base-container-licenses-3.0-1.273 updated - container-suseconnect-2.0.0-1.165 updated - libexpat1-2.1.0-21.22.1 updated - libopenssl1_0_0-1.0.2p-3.48.1 updated - openssl-1_0_0-1.0.2p-3.48.1 updated From sle-updates at lists.suse.com Thu Mar 17 17:37:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 18:37:39 +0100 (CET) Subject: SUSE-CU-2022:281-1: Security update of suse/sles12sp5 Message-ID: <20220317173739.05EF1F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:281-1 Container Tags : suse/sles12sp5:6.5.302 , suse/sles12sp5:latest Container Release : 6.5.302 Severity : important Type : security References : 1196025 1196784 CVE-2022-25236 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:842-1 Released: Tue Mar 15 11:32:49 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). The following package changes have been done: - libexpat1-2.1.0-21.22.1 updated From sle-updates at lists.suse.com Thu Mar 17 17:37:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 18:37:47 +0100 (CET) Subject: SUSE-CU-2022:282-1: Security update of suse/sles12sp5 Message-ID: <20220317173747.74250F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:282-1 Container Tags : suse/sles12sp5:6.5.303 , suse/sles12sp5:latest Container Release : 6.5.303 Severity : important Type : security References : 1196249 1196877 CVE-2022-0778 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:857-1 Released: Tue Mar 15 19:33:24 2022 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1196249,1196877,CVE-2022-0778 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249). The following package changes have been done: - libopenssl1_0_0-1.0.2p-3.48.1 updated - openssl-1_0_0-1.0.2p-3.48.1 updated From sle-updates at lists.suse.com Thu Mar 17 18:08:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 19:08:45 +0100 (CET) Subject: SUSE-CU-2022:283-1: Security update of suse/sle15 Message-ID: <20220317180845.EE086F37B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:283-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.529 Container Release : 4.22.529 Severity : important Type : security References : 1099272 1115529 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1180995 1181826 1182959 1187906 1190926 1193805 1194229 1195149 1195792 1195856 1196877 1197004 CVE-2020-14367 CVE-2022-0778 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:851-1 Released: Tue Mar 15 19:25:52 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1180995,1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Add safe primes to DH parameter generation as recommended from RFC7919 and RFC3526 (bsc#1180995). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) The following package changes have been done: - libaugeas0-1.10.1-3.9.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-1.1.0i-4.66.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libz1-1.2.11-3.26.10 updated - openssl-1_1-1.1.0i-4.66.1 updated From sle-updates at lists.suse.com Thu Mar 17 20:17:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Mar 2022 21:17:13 +0100 (CET) Subject: SUSE-SU-2022:0895-1: moderate: Security update for python-lxml Message-ID: <20220317201713.4EB80F37D@maintenance.suse.de> SUSE Security Update: Security update for python-lxml ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0895-1 Rating: moderate References: #1118088 #1179534 #1184177 #1193752 Cross-References: CVE-2018-19787 CVE-2020-27783 CVE-2021-28957 CVE-2021-43818 CVSS scores: CVE-2018-19787 (NVD) : 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2018-19787 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2020-27783 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-27783 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-43818 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2021-43818 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for python-lxml fixes the following issues: - CVE-2021-43818: Removed SVG image data URLs since they can embed script content (bsc#1193752). - CVE-2021-28957: Fixed a potential XSS due to improper input sanitization (bsc#1184177). - CVE-2020-27783: Fixed a potential XSS due to improper HTML parsing (bsc#1179534). - CVE-2018-19787: Fixed a potential XSS due to improper input sanitization (bsc#1118088). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-895=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-895=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-895=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-895=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-lxml-3.6.1-8.5.1 python-lxml-debuginfo-3.6.1-8.5.1 python-lxml-debugsource-3.6.1-8.5.1 - SUSE OpenStack Cloud 8 (x86_64): python-lxml-3.6.1-8.5.1 python-lxml-debuginfo-3.6.1-8.5.1 python-lxml-debugsource-3.6.1-8.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): python-lxml-3.6.1-8.5.1 python-lxml-debuginfo-3.6.1-8.5.1 python-lxml-debugsource-3.6.1-8.5.1 - HPE Helion Openstack 8 (x86_64): python-lxml-3.6.1-8.5.1 python-lxml-debuginfo-3.6.1-8.5.1 python-lxml-debugsource-3.6.1-8.5.1 References: https://www.suse.com/security/cve/CVE-2018-19787.html https://www.suse.com/security/cve/CVE-2020-27783.html https://www.suse.com/security/cve/CVE-2021-28957.html https://www.suse.com/security/cve/CVE-2021-43818.html https://bugzilla.suse.com/1118088 https://bugzilla.suse.com/1179534 https://bugzilla.suse.com/1184177 https://bugzilla.suse.com/1193752 From sle-updates at lists.suse.com Fri Mar 18 13:54:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 14:54:04 +0100 (CET) Subject: SUSE-CU-2022:285-1: Recommended update of suse/sle15 Message-ID: <20220318135404.C0F7DF37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:285-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.580 Container Release : 6.2.580 Severity : moderate Type : recommended References : 1194845 1195468 1196494 1196495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) The following package changes have been done: - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libprocps7-3.3.15-7.22.1 updated - procps-3.3.15-7.22.1 updated - suse-build-key-12.0-8.19.1 updated From sle-updates at lists.suse.com Fri Mar 18 13:54:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 14:54:16 +0100 (CET) Subject: SUSE-CU-2022:286-1: Security update of suse/sle15 Message-ID: <20220318135416.67823F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:286-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.582 Container Release : 6.2.582 Severity : important Type : security References : 1193625 1194640 1194768 1194770 1195258 1195560 CVE-2015-8985 CVE-2021-22570 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) The following package changes have been done: - glibc-2.26-13.65.1 updated - libprotobuf-lite15-3.5.0-5.5.1 updated From sle-updates at lists.suse.com Fri Mar 18 13:54:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 14:54:29 +0100 (CET) Subject: SUSE-CU-2022:287-1: Security update of suse/sle15 Message-ID: <20220318135429.CE2FEF37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:287-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.587 Container Release : 6.2.587 Severity : important Type : security References : 1099272 1115529 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1182959 1187906 1190926 1193805 1194229 1195149 1195792 1195856 1196877 1197004 CVE-2020-14367 CVE-2022-0778 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) The following package changes have been done: - libaugeas0-1.10.1-3.9.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-1.1.0i-14.27.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libz1-1.2.11-3.26.10 updated - openssl-1_1-1.1.0i-14.27.1 updated From sle-updates at lists.suse.com Fri Mar 18 14:17:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 15:17:16 +0100 (CET) Subject: SUSE-RU-2022:0900-1: moderate: Recommended update for postgresql Message-ID: <20220318141716.3DBEDF385@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0900-1 Rating: moderate References: #1195680 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repitition from the spec files - Bump version to 14. (bsc#1195680) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-900=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-900=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): postgresql-devel-14-4.13.1 postgresql-server-devel-14-4.13.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql-14-4.13.1 postgresql-contrib-14-4.13.1 postgresql-docs-14-4.13.1 postgresql-plperl-14-4.13.1 postgresql-plpython-14-4.13.1 postgresql-pltcl-14-4.13.1 postgresql-server-14-4.13.1 References: https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Fri Mar 18 14:18:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 15:18:17 +0100 (CET) Subject: SUSE-RU-2022:0896-1: moderate: Recommended update for postgresql10 Message-ID: <20220318141817.C21EAF385@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0896-1 Rating: moderate References: #1190740 #1195680 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql10 fixes the following issues: - Upgrade to 10.20: (bsc#1195680) * https://www.postgresql.org/docs/10/release-10-20.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for 's390x' as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-896=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-896=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql10-debugsource-10.20-4.25.3 postgresql10-devel-10.20-4.25.3 postgresql10-devel-debuginfo-10.20-4.25.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql10-10.20-4.25.3 postgresql10-contrib-10.20-4.25.3 postgresql10-contrib-debuginfo-10.20-4.25.3 postgresql10-debuginfo-10.20-4.25.3 postgresql10-debugsource-10.20-4.25.3 postgresql10-plperl-10.20-4.25.3 postgresql10-plperl-debuginfo-10.20-4.25.3 postgresql10-plpython-10.20-4.25.3 postgresql10-plpython-debuginfo-10.20-4.25.3 postgresql10-pltcl-10.20-4.25.3 postgresql10-pltcl-debuginfo-10.20-4.25.3 postgresql10-server-10.20-4.25.3 postgresql10-server-debuginfo-10.20-4.25.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql10-docs-10.20-4.25.3 References: https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Fri Mar 18 14:20:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 15:20:25 +0100 (CET) Subject: SUSE-RU-2022:0897-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20220318142025.9ED8DF385@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0897-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 5_3_18-150300_59_43, 5_3_18-24_99, 5_3_18-59_40. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-898=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-898=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-898=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-898=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-897=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-897=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2022-897=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2022-897=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch): lifecycle-data-sle-module-live-patching-15-4.69.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-4.69.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-4.69.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.69.1 - SUSE Linux Enterprise Live Patching 12-SP5 (noarch): lifecycle-data-sle-live-patching-1-10.103.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.103.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.103.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.103.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Fri Mar 18 14:21:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 15:21:31 +0100 (CET) Subject: SUSE-SU-2022:0901-1: important: Security update for frr Message-ID: <20220318142131.7F8C5F385@maintenance.suse.de> SUSE Security Update: Security update for frr ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0901-1 Rating: important References: #1180217 #1196503 #1196504 #1196505 #1196506 #1196507 Cross-References: CVE-2022-26125 CVE-2022-26126 CVE-2022-26127 CVE-2022-26128 CVE-2022-26129 CVSS scores: CVE-2022-26125 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26125 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26126 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26126 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26127 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26127 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26128 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26128 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-26129 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26129 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for frr fixes the following issues: - CVE-2022-26125, CVE-2022-26126: Fixed buffer overflows in unpack_tlv_router_cap() (bsc#1196505, bsc#1196506). - CVE-2022-26127: Fixed heap buffer overflow in babel_packet_examin() (bsc#1196503). - CVE-2022-26128: Fixed buffer overflows in babel_packet_examin() (bsc#1196507). - CVE-2022-26129: Fixed buffer overflows in parse_hello_subtlv(), parse_ihu_subtlv() and parse_update_subtlv() (bsc#1196504). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-901=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-901=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.3.1 frr-debuginfo-7.4-150300.4.3.1 frr-debugsource-7.4-150300.4.3.1 frr-devel-7.4-150300.4.3.1 libfrr0-7.4-150300.4.3.1 libfrr0-debuginfo-7.4-150300.4.3.1 libfrr_pb0-7.4-150300.4.3.1 libfrr_pb0-debuginfo-7.4-150300.4.3.1 libfrrcares0-7.4-150300.4.3.1 libfrrcares0-debuginfo-7.4-150300.4.3.1 libfrrfpm_pb0-7.4-150300.4.3.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.3.1 libfrrgrpc_pb0-7.4-150300.4.3.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.3.1 libfrrospfapiclient0-7.4-150300.4.3.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.3.1 libfrrsnmp0-7.4-150300.4.3.1 libfrrsnmp0-debuginfo-7.4-150300.4.3.1 libfrrzmq0-7.4-150300.4.3.1 libfrrzmq0-debuginfo-7.4-150300.4.3.1 libmlag_pb0-7.4-150300.4.3.1 libmlag_pb0-debuginfo-7.4-150300.4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.3.1 frr-debuginfo-7.4-150300.4.3.1 frr-debugsource-7.4-150300.4.3.1 frr-devel-7.4-150300.4.3.1 libfrr0-7.4-150300.4.3.1 libfrr0-debuginfo-7.4-150300.4.3.1 libfrr_pb0-7.4-150300.4.3.1 libfrr_pb0-debuginfo-7.4-150300.4.3.1 libfrrcares0-7.4-150300.4.3.1 libfrrcares0-debuginfo-7.4-150300.4.3.1 libfrrfpm_pb0-7.4-150300.4.3.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.3.1 libfrrgrpc_pb0-7.4-150300.4.3.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.3.1 libfrrospfapiclient0-7.4-150300.4.3.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.3.1 libfrrsnmp0-7.4-150300.4.3.1 libfrrsnmp0-debuginfo-7.4-150300.4.3.1 libfrrzmq0-7.4-150300.4.3.1 libfrrzmq0-debuginfo-7.4-150300.4.3.1 libmlag_pb0-7.4-150300.4.3.1 libmlag_pb0-debuginfo-7.4-150300.4.3.1 References: https://www.suse.com/security/cve/CVE-2022-26125.html https://www.suse.com/security/cve/CVE-2022-26126.html https://www.suse.com/security/cve/CVE-2022-26127.html https://www.suse.com/security/cve/CVE-2022-26128.html https://www.suse.com/security/cve/CVE-2022-26129.html https://bugzilla.suse.com/1180217 https://bugzilla.suse.com/1196503 https://bugzilla.suse.com/1196504 https://bugzilla.suse.com/1196505 https://bugzilla.suse.com/1196506 https://bugzilla.suse.com/1196507 From sle-updates at lists.suse.com Fri Mar 18 14:23:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 15:23:59 +0100 (CET) Subject: SUSE-RU-2022:0899-1: moderate: Recommended update for smartmontools Message-ID: <20220318142359.168D5F385@maintenance.suse.de> SUSE Recommended Update: Recommended update for smartmontools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0899-1 Rating: moderate References: #1195785 SLE-21751 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for smartmontools fixes the following issues: - Restart smartd and generate smartd_opts only if there are real sysconfig changes; do not trigger generate_smartd_opts by YaST, systemd is enough. (bsc#1195785) - Update smartmontools to the latest version from the upstream branch. (jsc#SLE-21751) - Fix update needed logic. - update to 7.2 (jsc#SLE-21751): - smartctl: New option '--json=y[c]' selects YAML output. - smartctl '-i': Prints ATA TRIM and Zoned Device capabilities. - smartctl '-j': Fixed 'scsi_grown_defect_list' value. - smartctl '-a': Prints SCSI 'Accumulated power on time'. - smartctl '-n POWERMODE': SCSI support. - smartctl '-s standby,now' and '-s standby,off': SCSI support. - smartctl '-c': NVMe 1.4 additions. - smartd: Support for staggered self-tests. - smartd: No longer writes attribute log if no attributes were read due to standby mode or other error. - smartd: Now resolves symlinks before device names are checked for duplicates. - smartd: Fixed SMARTD_DEVICETYPE environment variable if DEVICESCAN is used without '-d TYPE'. - ATA: Device type '-d jmb39x-q,N' for JMB39x protocol variant used by some QNAP NAS devices. - ATA: Device type '-d jms56x,N' for JMS562 USB to SATA RAID bridges. - SCSI: Improved heuristics for log subpages of new and very old disks. - NVMe: Log transfer size limited to avoid device or kernel crashes. - NVMEe/USB: Device type '-d sntrealtek' for Realtek RTL9210 USB to NVMe bridges. - update-smart-drivedb: New option '--branch X.Y'. - HDD, SSD and USB additions to drive database. - Dropped support for pre-C99 snprintf(). - configure: Dropped option '--without-working-snprintf'. - configure: Fixed '-fstack-protector*' detection. - Linux: Various fixes of smartd.service file (bsc#1183699). - Darwin: NVMe log support. - FreeBSD: Device scan does no longer include T_ENCLOSURE devices. - NetBSD: Fixed timeout handling. - NetBSD big endian: Fixed ATA register handling. - OpenBSD: Fixed timeout handling. - Windows: Dropped backward compatibility fixes for very old compilers. - Update to version 7.1: - smartctl: Fixed bogus exception on unknown form factor value. - smartctl '--json=cg': Suppresses extra spaces also in 'g' format. - smartctl '-i': ATA ACS-4 and ACS-5 enhancements. - smartd: No longer truncates very long device names in warning emails. - smartd: No longer skips scheduled tests if system clock has been adjusted to the past. - smartd '-A': Attribute logs now use local time instead of UTC. - Autodetection of '-d sntjmicron' type for JMicron USB to NVMe bridges. - Fixed segfault on CCISS transfer sizes. - Fixed smartd.service 'Type' if libsystemd-dev is not available. - Fixed '/dev/megaraid_sas_ioctl_node' fd leak. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-899=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): smartmontools-7.2-150300.8.5.1 smartmontools-debuginfo-7.2-150300.8.5.1 smartmontools-debugsource-7.2-150300.8.5.1 References: https://bugzilla.suse.com/1195785 From sle-updates at lists.suse.com Fri Mar 18 15:08:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:08:35 +0100 (CET) Subject: SUSE-CU-2022:288-1: Recommended update of suse/sle15 Message-ID: <20220318150835.22FCCF385@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:288-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.98 Container Release : 9.5.98 Severity : moderate Type : recommended References : 1194845 1195326 1196494 1196495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) The following package changes have been done: - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libzypp-17.29.4-31.1 updated - suse-build-key-12.0-8.19.1 updated - zypper-1.14.51-27.1 updated From sle-updates at lists.suse.com Fri Mar 18 15:08:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:08:46 +0100 (CET) Subject: SUSE-CU-2022:289-1: Recommended update of suse/sle15 Message-ID: <20220318150846.A6721F385@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:289-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.99 Container Release : 9.5.99 Severity : moderate Type : recommended References : 1195468 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) The following package changes have been done: - libprocps7-3.3.15-7.22.1 updated - procps-3.3.15-7.22.1 updated From sle-updates at lists.suse.com Fri Mar 18 15:08:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:08:58 +0100 (CET) Subject: SUSE-CU-2022:290-1: Security update of suse/sle15 Message-ID: <20220318150858.7C934F385@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:290-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.100 Container Release : 9.5.100 Severity : important Type : security References : 1193625 1194640 1194768 1194770 1195560 CVE-2015-8985 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) The following package changes have been done: - glibc-2.26-13.65.1 updated From sle-updates at lists.suse.com Fri Mar 18 15:09:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:09:10 +0100 (CET) Subject: SUSE-CU-2022:291-1: Security update of suse/sle15 Message-ID: <20220318150910.557B0F385@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:291-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.105 Container Release : 9.5.105 Severity : moderate Type : security References : 1099272 1115529 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1182959 1187906 1190926 1193805 1194229 1195149 1195792 1195856 1197004 CVE-2020-14367 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) The following package changes have been done: - libaugeas0-1.10.1-3.9.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libz1-1.2.11-3.26.10 updated - openssl-1_1-1.1.1d-11.43.1 updated From sle-updates at lists.suse.com Fri Mar 18 15:55:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:55:28 +0100 (CET) Subject: SUSE-CU-2022:293-1: Recommended update of bci/bci-init Message-ID: <20220318155528.56046F37A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:293-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.11.3 , bci/bci-init:latest Container Release : 11.3 Severity : moderate Type : recommended References : 1195326 1195654 1196825 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:771-1 Released: Wed Mar 9 09:27:07 2022 Summary: Recommended update for libseccomp Type: recommended Severity: moderate References: 1196825 This update for libseccomp fixes the following issues: - Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) The following package changes have been done: - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libseccomp2-2.5.3-150300.10.8.1 updated - libzypp-17.29.4-31.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-17.11.2 updated From sle-updates at lists.suse.com Fri Mar 18 15:55:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:55:37 +0100 (CET) Subject: SUSE-CU-2022:294-1: Recommended update of bci/bci-init Message-ID: <20220318155537.87C6EF37A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:294-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.11.6 , bci/bci-init:latest Container Release : 11.6 Severity : moderate Type : recommended References : 1195468 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) The following package changes have been done: - libprocps7-3.3.15-7.22.1 updated - procps-3.3.15-7.22.1 updated - container:sles15-image-15.0.0-17.11.3 updated From sle-updates at lists.suse.com Fri Mar 18 15:55:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:55:46 +0100 (CET) Subject: SUSE-CU-2022:295-1: Security update of bci/bci-init Message-ID: <20220318155546.95560F37A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:295-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.11.15 , bci/bci-init:latest Container Release : 11.15 Severity : important Type : security References : 1099272 1115529 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1182959 1187906 1190926 1194229 1195149 1195792 1195856 1196025 1196784 CVE-2020-14367 CVE-2022-25236 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 The following package changes have been done: - glibc-2.31-150300.20.7 updated - libaugeas0-1.10.1-3.9.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libexpat1-2.2.5-3.19.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libz1-1.2.11-3.26.10 updated - openssl-1_1-1.1.1d-11.43.1 updated - container:sles15-image-15.0.0-17.11.7 updated From sle-updates at lists.suse.com Fri Mar 18 15:55:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:55:55 +0100 (CET) Subject: SUSE-CU-2022:296-1: Recommended update of bci/bci-init Message-ID: <20220318155555.9BB48F37A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:296-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.11.18 , bci/bci-init:latest Container Release : 11.18 Severity : moderate Type : recommended References : 1197004 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) The following package changes have been done: - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - container:sles15-image-15.0.0-17.11.8 updated From sle-updates at lists.suse.com Fri Mar 18 15:56:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:56:19 +0100 (CET) Subject: SUSE-CU-2022:297-1: Recommended update of bci/bci-micro Message-ID: <20220318155619.E9A89F37A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:297-1 Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.12.7 , bci/bci-micro:latest Container Release : 12.7 Severity : moderate Type : recommended References : 1182959 1195149 1195792 1195856 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 The following package changes have been done: - glibc-2.31-150300.20.7 updated From sle-updates at lists.suse.com Fri Mar 18 15:57:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:57:09 +0100 (CET) Subject: SUSE-CU-2022:300-1: Recommended update of bci/bci-minimal Message-ID: <20220318155709.ECE66F37A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:300-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.23.16 , bci/bci-minimal:latest Container Release : 23.16 Severity : moderate Type : recommended References : 1182959 1195149 1195792 1195856 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 The following package changes have been done: - glibc-2.31-150300.20.7 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libz1-1.2.11-3.26.10 updated - container:micro-image-15.3.0-12.7 updated From sle-updates at lists.suse.com Fri Mar 18 15:58:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 16:58:42 +0100 (CET) Subject: SUSE-CU-2022:302-1: Security update of bci/openjdk-devel Message-ID: <20220318155842.A5A19F37A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:302-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.19 , bci/openjdk-devel:latest Container Release : 14.19 Severity : important Type : security References : 1187512 1188348 1188507 1190447 1192954 1193632 1194265 1194925 1194926 1194927 1194928 1194929 1194930 1194931 1194932 1194933 1194934 1194935 1194937 1194939 1194940 1194941 1194976 1195326 1195468 1195654 1196025 1196026 1196036 1196168 1196169 1196171 CVE-2021-3995 CVE-2021-3996 CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:816-1 Released: Mon Mar 14 10:22:04 2022 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1194925,1194926,1194927,1194928,1194929,1194930,1194931,1194932,1194933,1194934,1194935,1194937,1194939,1194940,1194941,CVE-2022-21248,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366 This update for java-11-openjdk fixes the following issues: - CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream. (bnc#1194926) - CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor. (bnc#1194930) - CVE-2022-21282: Fixed Insufficient URI checks in the XSLT TransformerImpl. (bnc#1194933) - CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern. (bnc#1194937) - CVE-2022-21291: Fixed Incorrect marking of writeable fields. (bnc#1194925) - CVE-2022-21293: Fixed Incomplete checks of StringBuffer and StringBuilder during deserialization. (bnc#1194935) - CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during deserialization. (bnc#1194934) - CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager. (bnc#1194932) - CVE-2022-21299: Fixed Infinite loop related to incorrect handling of newlines in XMLEntityScanner. (bnc#1194931) - CVE-2022-21305: Fixed Array indexing issues in LIRGenerator. (bnc#1194939) - CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest attributes. (bnc#1194940) - CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream. (bnc#1194941) - CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader. (bnc#1194929) - CVE-2022-21365: Fixed Integer overflow in BMPImageReader. (bnc#1194928) - CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor. (bnc#1194927) The following package changes have been done: - filesystem-15.0-11.5.1 updated - java-11-openjdk-devel-11.0.14.0-3.74.2 updated - java-11-openjdk-headless-11.0.14.0-3.74.2 updated - java-11-openjdk-11.0.14.0-3.74.2 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.15.1 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libmount1-2.36.2-150300.4.14.3 updated - libprocps7-3.3.15-7.22.1 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - libzypp-17.29.4-31.1 updated - login_defs-4.8.1-150300.4.3.8 updated - procps-3.3.15-7.22.1 updated - shadow-4.8.1-150300.4.3.8 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-2.36.2-150300.4.14.3 updated - zypper-1.14.51-27.1 updated - container:openjdk-11-image-15.3.0-14.11 updated From sle-updates at lists.suse.com Fri Mar 18 16:00:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 17:00:06 +0100 (CET) Subject: SUSE-CU-2022:303-1: Security update of bci/openjdk Message-ID: <20220318160006.5DF45F385@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:303-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-14.11 , bci/openjdk:latest Container Release : 14.11 Severity : important Type : security References : 1187512 1188348 1188507 1190447 1192954 1193632 1194265 1194925 1194926 1194927 1194928 1194929 1194930 1194931 1194932 1194933 1194934 1194935 1194937 1194939 1194940 1194941 1194976 1195326 1195468 1195654 1196025 1196026 1196036 1196168 1196169 1196171 CVE-2021-3995 CVE-2021-3996 CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:816-1 Released: Mon Mar 14 10:22:04 2022 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1194925,1194926,1194927,1194928,1194929,1194930,1194931,1194932,1194933,1194934,1194935,1194937,1194939,1194940,1194941,CVE-2022-21248,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296,CVE-2022-21299,CVE-2022-21305,CVE-2022-21340,CVE-2022-21341,CVE-2022-21360,CVE-2022-21365,CVE-2022-21366 This update for java-11-openjdk fixes the following issues: - CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream. (bnc#1194926) - CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor. (bnc#1194930) - CVE-2022-21282: Fixed Insufficient URI checks in the XSLT TransformerImpl. (bnc#1194933) - CVE-2022-21283: Fixed unexpected exception thrown in regex Pattern. (bnc#1194937) - CVE-2022-21291: Fixed Incorrect marking of writeable fields. (bnc#1194925) - CVE-2022-21293: Fixed Incomplete checks of StringBuffer and StringBuilder during deserialization. (bnc#1194935) - CVE-2022-21294: Fixed Incorrect IdentityHashMap size checks during deserialization. (bnc#1194934) - CVE-2022-21296: Fixed Incorrect access checks in XMLEntityManager. (bnc#1194932) - CVE-2022-21299: Fixed Infinite loop related to incorrect handling of newlines in XMLEntityScanner. (bnc#1194931) - CVE-2022-21305: Fixed Array indexing issues in LIRGenerator. (bnc#1194939) - CVE-2022-21340: Fixed Excessive resource use when reading JAR manifest attributes. (bnc#1194940) - CVE-2022-21341: Fixed OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream. (bnc#1194941) - CVE-2022-21360: Fixed Excessive memory allocation in BMPImageReader. (bnc#1194929) - CVE-2022-21365: Fixed Integer overflow in BMPImageReader. (bnc#1194928) - CVE-2022-21366: Fixed Excessive memory allocation in TIFF*Decompressor. (bnc#1194927) The following package changes have been done: - filesystem-15.0-11.5.1 updated - java-11-openjdk-headless-11.0.14.0-3.74.2 updated - java-11-openjdk-11.0.14.0-3.74.2 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.15.1 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libmount1-2.36.2-150300.4.14.3 updated - libprocps7-3.3.15-7.22.1 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - libzypp-17.29.4-31.1 updated - login_defs-4.8.1-150300.4.3.8 updated - procps-3.3.15-7.22.1 updated - shadow-4.8.1-150300.4.3.8 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-2.36.2-150300.4.14.3 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-17.11.4 updated From sle-updates at lists.suse.com Fri Mar 18 16:12:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 17:12:03 +0100 (CET) Subject: SUSE-CU-2022:304-1: Recommended update of suse/sle15 Message-ID: <20220318161203.0CBCDF37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:304-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.11.4 , suse/sle15:15.3 , suse/sle15:15.3.17.11.4 Container Release : 17.11.4 Severity : moderate Type : recommended References : 1194845 1195326 1195468 1196494 1196495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) The following package changes have been done: - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libprocps7-3.3.15-7.22.1 updated - libzypp-17.29.4-31.1 updated - procps-3.3.15-7.22.1 updated - suse-build-key-12.0-8.19.1 updated - zypper-1.14.51-27.1 updated From sle-updates at lists.suse.com Fri Mar 18 16:12:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 17:12:12 +0100 (CET) Subject: SUSE-CU-2022:305-1: Security update of suse/sle15 Message-ID: <20220318161212.47EDFF37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:305-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.11.6 , suse/sle15:15.3 , suse/sle15:15.3.17.11.6 Container Release : 17.11.6 Severity : moderate Type : security References : 1099272 1115529 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1187906 1190926 1194229 CVE-2020-14367 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step The following package changes have been done: - libaugeas0-1.10.1-3.9.1 updated From sle-updates at lists.suse.com Fri Mar 18 16:12:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 17:12:21 +0100 (CET) Subject: SUSE-CU-2022:306-1: Recommended update of suse/sle15 Message-ID: <20220318161221.C61D0F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:306-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.11.7 , suse/sle15:15.3 , suse/sle15:15.3.17.11.7 Container Release : 17.11.7 Severity : moderate Type : recommended References : 1182959 1195149 1195792 1195856 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 The following package changes have been done: - glibc-2.31-150300.20.7 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libz1-1.2.11-3.26.10 updated - openssl-1_1-1.1.1d-11.43.1 updated From sle-updates at lists.suse.com Fri Mar 18 16:12:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 17:12:31 +0100 (CET) Subject: SUSE-CU-2022:307-1: Recommended update of suse/sle15 Message-ID: <20220318161231.69AD1F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:307-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.11.8 , suse/sle15:15.3 , suse/sle15:15.3.17.11.8 Container Release : 17.11.8 Severity : moderate Type : recommended References : 1197004 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) The following package changes have been done: - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated From sle-updates at lists.suse.com Fri Mar 18 16:13:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 17:13:08 +0100 (CET) Subject: SUSE-CU-2022:308-1: Security update of suse/sle15 Message-ID: <20220318161308.18E17F37A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:308-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.24.9 , suse/sle15:15.4 , suse/sle15:15.4.24.9 Container Release : 24.9 Severity : important Type : security References : 1194265 1194845 1195468 1195654 1196036 1196494 1196495 CVE-2022-24407 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) The following package changes have been done: - bash-4.4-150400.23.77 updated - cpio-2.13-150400.1.66 updated - libaudit1-3.0.6-150400.1.18 updated - libblkid1-2.37.2-150400.5.3 updated - libbz2-1-1.0.8-150400.1.84 updated - libcom_err2-1.46.4-150400.1.49 updated - libdw1-0.185-150400.3.5 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.9 updated - libelf1-0.185-150400.3.5 updated - libfdisk1-2.37.2-150400.5.3 updated - libgcrypt20-hmac-1.9.4-150400.2.14 updated - libgcrypt20-1.9.4-150400.2.14 updated - libgpg-error0-1.42-150400.1.90 updated - libgpgme11-1.16.0-150400.1.55 updated - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libmount1-2.37.2-150400.5.3 updated - libopenssl1_1-hmac-1.1.1l-150400.3.15 updated - libopenssl1_1-1.1.1l-150400.3.15 updated - libprocps7-3.3.15-7.22.1 updated - libreadline7-7.0-150400.23.77 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libselinux1-3.1-150400.1.36 updated - libsemanage1-3.1-150400.1.34 updated - libsepol1-3.1-150400.1.37 updated - libsmartcols1-2.37.2-150400.5.3 updated - libsolv-tools-0.7.21-150400.1.1 updated - libsystemd0-249.10-150400.3.7 updated - libudev1-249.10-150400.3.7 updated - libuuid1-2.37.2-150400.5.3 updated - libzstd1-1.5.0-150400.1.42 updated - libzypp-17.29.6-150400.1.1 updated - login_defs-4.8.1-150400.8.24 updated - openssl-1_1-1.1.1l-150400.3.15 updated - permissions-20201225-150400.1.1 updated - procps-3.3.15-7.22.1 updated - rpm-config-SUSE-1-150400.12.7 updated - shadow-4.8.1-150400.8.24 updated - sles-release-15.4-150400.44.1 updated - suse-build-key-12.0-8.19.1 updated - system-group-hardware-20170617-150400.21.56 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-2.37.2-150400.5.3 updated - zypper-1.14.52-150400.1.2 updated From sle-updates at lists.suse.com Fri Mar 18 16:15:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 17:15:35 +0100 (CET) Subject: SUSE-CU-2022:309-1: Security update of trento/trento-db Message-ID: <20220318161535.D2E5BF37A@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:309-1 Container Tags : trento/trento-db:14.1 , trento/trento-db:14.1-rev1.0.0 , trento/trento-db:14.1-rev1.0.0-build2.2.43 , trento/trento-db:latest Container Release : 2.2.43 Severity : important Type : security References : 1029961 1113013 1161276 1162581 1169614 1172973 1172974 1174504 1174504 1176804 1177598 1178236 1181640 1182998 1184614 1187153 1187273 1187654 1188348 1188507 1188520 1188623 1188914 1188921 1189152 1189454 1189520 1189521 1189521 1189683 1189996 1190052 1190373 1190374 1190447 1190793 1190850 1191563 1191736 1191987 1192160 1192248 1192489 1192688 1192717 1192954 1193166 1193273 1193480 1193632 1194265 1194265 1194976 1195654 1196025 1196026 1196036 1196168 1196169 1196171 1196825 CVE-2019-20838 CVE-2020-14155 CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291 CVE-2021-22946 CVE-2021-22947 CVE-2021-3602 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-39537 CVE-2021-3995 CVE-2021-3996 CVE-2021-4024 CVE-2021-41190 CVE-2021-43618 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container trento/trento-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:3327-1 Released: Mon Oct 11 11:44:50 2021 Summary: Optional update for coreutils Type: optional Severity: low References: 1189454 This optional update for coreutils fixes the following issue: - Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3564-1 Released: Wed Oct 27 16:12:08 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1190850 This update for rpm-config-SUSE fixes the following issues: - Support ZSTD compressed kernel modules. (bsc#1190850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: 23018 Released: Fri Mar 4 08:31:54 2022 Summary: Security update for conmon, libcontainers-common, libseccomp, podman Type: security Severity: moderate References: 1176804,1177598,1181640,1182998,1188520,1188914,1193166,1193273,CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602,CVE-2021-4024,CVE-2021-41190 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert '.cirrus.yml: use fresh images for all VMs' * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common at v0.38.16 * vendor containers/buildah at v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common at v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common at v0.38.14 * vendor containers/common at v0.38.13 * [3.2] vendor containers/common at v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common at v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common at v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common at v0.38.7 * [v3.2] vendor containers/common at v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage at v1.31.3 * vendor containers/common at v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:771-1 Released: Wed Mar 9 09:27:07 2022 Summary: Recommended update for libseccomp Type: recommended Severity: moderate References: 1196825 This update for libseccomp fixes the following issues: - Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) The following package changes have been done: - file-magic-5.32-7.14.1 updated - libldap-data-2.4.46-9.58.1 updated - filesystem-15.0-11.5.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - glibc-2.31-150300.9.12.1 updated - libuuid1-2.36.2-150300.4.14.3 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libblkid1-2.36.2-150300.4.14.3 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libopenssl1_1-1.1.1d-11.38.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libz1-1.2.11-3.24.1 updated - libpcre1-8.45-20.10.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libgmp10-6.1.2-4.9.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libldap-2_4-2-2.4.46-9.58.1 updated - libmagic1-5.32-7.14.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libncurses6-6.1-5.9.1 updated - terminfo-base-6.1-5.9.1 updated - ncurses-utils-6.1-5.9.1 updated - libudev1-246.16-150300.7.39.1 updated - libmount1-2.36.2-150300.4.14.3 updated - krb5-1.19.2-150300.8.3.2 updated - login_defs-4.8.1-150300.4.3.8 updated - libgcrypt20-1.8.2-8.42.1 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libcrack2-2.9.7-11.6.1 updated - libcurl4-7.66.0-4.27.1 updated - cracklib-2.9.7-11.6.1 updated - libsystemd0-246.16-150300.7.39.1 updated - coreutils-8.32-150300.3.5.1 updated - rpm-config-SUSE-1-5.6.1 updated - permissions-20181225-23.12.1 updated - pam-1.3.0-6.50.1 updated - shadow-4.8.1-150300.4.3.8 updated - system-group-hardware-20170617-17.3.1 updated - util-linux-2.36.2-150300.4.14.3 updated - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - netcfg-11.6-3.3.1 updated - libexpat1-2.2.5-3.15.1 updated - libseccomp2-2.5.3-150300.10.8.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - container:sles15-image-15.0.0-17.9.1 updated From sle-updates at lists.suse.com Fri Mar 18 16:16:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 17:16:09 +0100 (CET) Subject: SUSE-CU-2022:310-1: Security update of trento/trento-runner Message-ID: <20220318161609.CE7E7F37A@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-runner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:310-1 Container Tags : trento/trento-runner:0.9.1 , trento/trento-runner:0.9.1-rev1.1.0 , trento/trento-runner:0.9.1-rev1.1.0-build3.2.22 , trento/trento-runner:latest Container Release : 3.2.22 Severity : critical Type : security References : 1029961 1113013 1134353 1139519 1143913 1151557 1151558 1161276 1162581 1166028 1169614 1171962 1172973 1172974 1174504 1174504 1178236 1178561 1180064 1183572 1183574 1184614 1184994 1184994 1185972 1186071 1186489 1187153 1187273 1187654 1187911 1187993 1188063 1188291 1188348 1188507 1188571 1188588 1188623 1188713 1188921 1189152 1189446 1189454 1189480 1189520 1189521 1189521 1189996 1190052 1190373 1190374 1190401 1190440 1190447 1190515 1190793 1190850 1190858 1190984 1191227 1191532 1191563 1191592 1191736 1191826 1191987 1192160 1192161 1192248 1192423 1192489 1192637 1192684 1192688 1192717 1192858 1192954 1193086 1193480 1193632 1193690 1193759 1194178 1194178 1194265 1194265 1194640 1194768 1194770 1194785 1194859 1194976 1195048 1195654 1196025 1196026 1196036 1196168 1196169 1196171 CVE-2019-20838 CVE-2020-13529 CVE-2020-14155 CVE-2020-27840 CVE-2020-29361 CVE-2021-20277 CVE-2021-20316 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-35942 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-39537 CVE-2021-3995 CVE-2021-3996 CVE-2021-3997 CVE-2021-3997 CVE-2021-3999 CVE-2021-43566 CVE-2021-43618 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container trento/trento-runner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1979-1 Released: Tue Jul 21 02:41:47 2020 Summary: Recommended update for golang-github-prometheus-node_exporter Type: recommended Severity: moderate References: 1143913 This update for golang-github-prometheus-node_exporter fixes the following issues: - Update from version 0.17.0 to version 0.18.1 (jsc#ECO-2110) 0.18.1 / 2019-06-04 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD * [BUGFIX] Fix rollover bug in mountstats collector 0.18.0 / 2019-05-09 * Renamed interface label to device in netclass collector for consistency with other network metrics * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. * The labels for the network_up metric have changed * Bonding collector now uses mii_status instead of operstatus * Several systemd metrics have been turned off by default to improve performance * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. * [CHANGE] Bonding state uses mii_status * [CHANGE] Add a limit to the number of in-flight requests * [CHANGE] Renamed interface label to device in netclass collector * [CHANGE] Add separate cpufreq and scaling metrics * [CHANGE] Several systemd metrics have been turned off by default to improve performance * [CHANGE] Expand systemd collector blacklist * [CHANGE] Split cpufreq metrics into a separate collector * [FEATURE] Add a flag to disable exporter metrics * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors * [FEATURE] Add uname collector for FreeBSD * [FEATURE] Add diskstats collector for OpenBSD * [FEATURE] Add pressure collector exposing pressure stall information for Linux * [FEATURE] Add perf exporter for Linux * [ENHANCEMENT] Add Infiniband counters * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter * [ENHANCEMENT] Move network_up labels into new metric network_info * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks - Add network-online (Wants and After) dependency to systemd unit. (bsc#1143913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2842-1 Released: Fri Oct 2 12:17:55 2020 Summary: Recommended update for golang-github-prometheus-node_exporter Type: recommended Severity: moderate References: 1151557 This update for golang-github-prometheus-node_exporter fixes the following issues: - Add missing sysconfig file in rpm bsc#1151557 - Changes from 1.0.1 * Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via `osc service disabledrun` * Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749 - Changes from 1.0.0 * Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671 * Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0 - Changes from 1.0.0-rc.0 Breaking changes * The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279 * The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393 * Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for 'fail', 'spare', 'active' disks. node_md_is_active is replaced by node_md_state with a state set of 'active', 'inactive', 'recovering', 'resync'. * Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417 * Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510 * Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2107-1 Released: Mon Jun 21 19:29:09 2021 Summary: Recommended update for golang-github-prometheus-node_exporter Type: recommended Severity: moderate References: 1151558 This update for golang-github-prometheus-node_exporter fixes the following issues: Update from version 1.0.1 to version 1.1.2 - Bug fixes: - Do not include sources (bsc#1151558) - Handle errors from disabled `Pressure Stall Information (PSI)` subsystem - Sanitize strings from `/sys/class/power_supply` - Silence missing `netclass` errors - Fix `ineffassign` issue - Demote some warning to `Debug` level - `filesystem_freebsd`: Fix label values - Fix various `procfs` parsing errors - Handle no data from the power supply class - `udp_queues_linux.go`: change `upd` to `udp` in two error strings - Fix `node_scrape_collector_success` behavior - Fix `NodeRAIDDegraded` to not use a string rule expressions - Fix `node_md_disks` state label from fail to failed - Handle `EPERM` for syscall in timex collector - `bcache`: fix typo in a metric name - Fix XFS read/write stats - Enhancements: - Improve filter flag names - Add `btrfs` and `powersupplyclass` to list of exporters enabled by default - Add more `InfiniBand` counters - Add a flag to aggregate `ipvs` metrics to avoid high cardinality metrics - Add `backlog/current` queue length to `qdisc` collector - Include `TCP OutRsts` in `netstat` metrics - Add the `pool size` to entropy collector - Remove `CGO` dependencies for OpenBSD amd64 - `bcache`: add `writeback_rate_debug` statistics - Add `check state` for `mdadm` arrays via `node_md_state metric` - Expose `XFS inode` statistics - Expose `zfs zpool` state - Add the ability to pass `collector.supervisord.url` via `SUPERVISORD_URL` environment variable - Features: - Add fiber channel collector - Expose cpu bugs and flags as info metrics. - Add `network_route` collector - Add `zoneinfo` collector ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2809-1 Released: Mon Aug 23 12:12:31 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1166028,1171962,1184994,1185972,1188063,CVE-2020-13529,CVE-2021-33910 This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3291-1 Released: Wed Oct 6 16:45:36 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3310-1 Released: Wed Oct 6 18:12:41 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1134353,1184994,1188291,1188588,1188713,1189446,1189480 This update for systemd fixes the following issues: - Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353). - Multipath: Rules weren't applied to dm devices (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994). - Remove kernel unsupported single-queue block I/O. - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when updating active udev on sockets restart (bsc#1188291). - Merge of v246.16, for a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d - Drop 1007-tmpfiles-follow-SUSE-policies.patch: Since most of the tmpfiles config files shipped by upstream are ignored (see previous commit 'Drop most of the tmpfiles that deal with generic paths'), this patch is no more relevant. Additional fixes: - core: make sure cgroup_oom_queue is flushed on manager exit. - cgroup: do 'catchup' for unit cgroup inotify watch files. - journalctl: never fail at flushing when the flushed flag is set (bsc#1188588). - manager: reexecute on SIGRTMIN+25, user instances only. - manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446). - pid1: watchdog modernizations. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:3327-1 Released: Mon Oct 11 11:44:50 2021 Summary: Optional update for coreutils Type: optional Severity: low References: 1189454 This optional update for coreutils fixes the following issue: - Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3564-1 Released: Wed Oct 27 16:12:08 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1190850 This update for rpm-config-SUSE fixes the following issues: - Support ZSTD compressed kernel modules. (bsc#1190850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:827-1 Released: Mon Mar 14 16:06:48 2022 Summary: Recommended update for trento-premium Type: recommended Severity: moderate References: This update for trento-premium fixes the following issues: Release 0.9.1 Fixed: - Add /usr/sbin to the PATH for the execution [\#858](https://github.com/trento-project/trento/pull/858) (@arbulu89) - Associate attached database properly when the database name is resolved [\#854](https://github.com/trento-project/trento/pull/854) (@arbulu89) - Exclude diagnostics service sap systems [\#849](https://github.com/trento-project/trento/pull/849) (@arbulu89) The following package changes have been done: - file-magic-5.32-7.14.1 updated - libldap-data-2.4.46-9.58.1 updated - filesystem-15.0-11.5.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - glibc-2.31-150300.9.12.1 updated - libuuid1-2.36.2-150300.4.14.3 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libblkid1-2.36.2-150300.4.14.3 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libopenssl1_1-1.1.1d-11.38.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libz1-1.2.11-3.24.1 updated - libpcre1-8.45-20.10.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libgmp10-6.1.2-4.9.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libldap-2_4-2-2.4.46-9.58.1 updated - libmagic1-5.32-7.14.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libncurses6-6.1-5.9.1 updated - terminfo-base-6.1-5.9.1 updated - ncurses-utils-6.1-5.9.1 updated - libudev1-246.16-150300.7.39.1 updated - libmount1-2.36.2-150300.4.14.3 updated - krb5-1.19.2-150300.8.3.2 updated - login_defs-4.8.1-150300.4.3.8 updated - libgcrypt20-1.8.2-8.42.1 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libcrack2-2.9.7-11.6.1 updated - libcurl4-7.66.0-4.27.1 updated - cracklib-2.9.7-11.6.1 updated - libsystemd0-246.16-150300.7.39.1 updated - coreutils-8.32-150300.3.5.1 updated - rpm-config-SUSE-1-5.6.1 updated - permissions-20181225-23.12.1 updated - pam-1.3.0-6.50.1 updated - shadow-4.8.1-150300.4.3.8 updated - system-group-hardware-20170617-17.3.1 updated - util-linux-2.36.2-150300.4.14.3 updated - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - openssl-1_1-1.1.1d-11.38.1 updated - libp11-kit0-0.23.2-4.13.1 updated - p11-kit-0.23.2-4.13.1 updated - p11-kit-tools-0.23.2-4.13.1 updated - ca-certificates-mozilla-2.44-21.1 updated - golang-github-prometheus-node_exporter-1.1.2-3.9.3 added - libexpat1-2.2.5-3.15.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - trento-premium-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 updated - container:sles15-image-15.0.0-17.9.1 updated From sle-updates at lists.suse.com Fri Mar 18 16:16:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 17:16:56 +0100 (CET) Subject: SUSE-CU-2022:312-1: Security update of trento/trento-web Message-ID: <20220318161656.49EF3F37A@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:312-1 Container Tags : trento/trento-web:0.9.1 , trento/trento-web:0.9.1-rev1.0.1 , trento/trento-web:0.9.1-rev1.0.1-build3.2.11 , trento/trento-web:latest Container Release : 3.2.11 Severity : critical Type : security References : 1029961 1113013 1134353 1139519 1143913 1151557 1151558 1161276 1162581 1166028 1169614 1171962 1172973 1172974 1174504 1174504 1178236 1178561 1183572 1183574 1184614 1184994 1184994 1185972 1186071 1186489 1187153 1187273 1187654 1187911 1188063 1188291 1188348 1188507 1188571 1188588 1188623 1188713 1188921 1189152 1189446 1189454 1189480 1189520 1189521 1189521 1189996 1190052 1190373 1190374 1190401 1190440 1190447 1190515 1190793 1190850 1190984 1191227 1191532 1191563 1191592 1191736 1191826 1191987 1192160 1192161 1192248 1192423 1192489 1192637 1192684 1192688 1192717 1192858 1192954 1193086 1193480 1193632 1193690 1193759 1194178 1194178 1194265 1194265 1194640 1194768 1194770 1194785 1194859 1194976 1195048 1196036 CVE-2019-20838 CVE-2020-13529 CVE-2020-14155 CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-35942 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-39537 CVE-2021-3995 CVE-2021-3996 CVE-2021-3997 CVE-2021-3997 CVE-2021-3999 CVE-2021-43566 CVE-2021-43618 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1979-1 Released: Tue Jul 21 02:41:47 2020 Summary: Recommended update for golang-github-prometheus-node_exporter Type: recommended Severity: moderate References: 1143913 This update for golang-github-prometheus-node_exporter fixes the following issues: - Update from version 0.17.0 to version 0.18.1 (jsc#ECO-2110) 0.18.1 / 2019-06-04 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD * [BUGFIX] Fix rollover bug in mountstats collector 0.18.0 / 2019-05-09 * Renamed interface label to device in netclass collector for consistency with other network metrics * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. * The labels for the network_up metric have changed * Bonding collector now uses mii_status instead of operstatus * Several systemd metrics have been turned off by default to improve performance * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. * [CHANGE] Bonding state uses mii_status * [CHANGE] Add a limit to the number of in-flight requests * [CHANGE] Renamed interface label to device in netclass collector * [CHANGE] Add separate cpufreq and scaling metrics * [CHANGE] Several systemd metrics have been turned off by default to improve performance * [CHANGE] Expand systemd collector blacklist * [CHANGE] Split cpufreq metrics into a separate collector * [FEATURE] Add a flag to disable exporter metrics * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors * [FEATURE] Add uname collector for FreeBSD * [FEATURE] Add diskstats collector for OpenBSD * [FEATURE] Add pressure collector exposing pressure stall information for Linux * [FEATURE] Add perf exporter for Linux * [ENHANCEMENT] Add Infiniband counters * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter * [ENHANCEMENT] Move network_up labels into new metric network_info * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks - Add network-online (Wants and After) dependency to systemd unit. (bsc#1143913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2842-1 Released: Fri Oct 2 12:17:55 2020 Summary: Recommended update for golang-github-prometheus-node_exporter Type: recommended Severity: moderate References: 1151557 This update for golang-github-prometheus-node_exporter fixes the following issues: - Add missing sysconfig file in rpm bsc#1151557 - Changes from 1.0.1 * Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via `osc service disabledrun` * Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749 - Changes from 1.0.0 * Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671 * Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0 - Changes from 1.0.0-rc.0 Breaking changes * The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279 * The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393 * Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for 'fail', 'spare', 'active' disks. node_md_is_active is replaced by node_md_state with a state set of 'active', 'inactive', 'recovering', 'resync'. * Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417 * Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510 * Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2107-1 Released: Mon Jun 21 19:29:09 2021 Summary: Recommended update for golang-github-prometheus-node_exporter Type: recommended Severity: moderate References: 1151558 This update for golang-github-prometheus-node_exporter fixes the following issues: Update from version 1.0.1 to version 1.1.2 - Bug fixes: - Do not include sources (bsc#1151558) - Handle errors from disabled `Pressure Stall Information (PSI)` subsystem - Sanitize strings from `/sys/class/power_supply` - Silence missing `netclass` errors - Fix `ineffassign` issue - Demote some warning to `Debug` level - `filesystem_freebsd`: Fix label values - Fix various `procfs` parsing errors - Handle no data from the power supply class - `udp_queues_linux.go`: change `upd` to `udp` in two error strings - Fix `node_scrape_collector_success` behavior - Fix `NodeRAIDDegraded` to not use a string rule expressions - Fix `node_md_disks` state label from fail to failed - Handle `EPERM` for syscall in timex collector - `bcache`: fix typo in a metric name - Fix XFS read/write stats - Enhancements: - Improve filter flag names - Add `btrfs` and `powersupplyclass` to list of exporters enabled by default - Add more `InfiniBand` counters - Add a flag to aggregate `ipvs` metrics to avoid high cardinality metrics - Add `backlog/current` queue length to `qdisc` collector - Include `TCP OutRsts` in `netstat` metrics - Add the `pool size` to entropy collector - Remove `CGO` dependencies for OpenBSD amd64 - `bcache`: add `writeback_rate_debug` statistics - Add `check state` for `mdadm` arrays via `node_md_state metric` - Expose `XFS inode` statistics - Expose `zfs zpool` state - Add the ability to pass `collector.supervisord.url` via `SUPERVISORD_URL` environment variable - Features: - Add fiber channel collector - Expose cpu bugs and flags as info metrics. - Add `network_route` collector - Add `zoneinfo` collector ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2809-1 Released: Mon Aug 23 12:12:31 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1166028,1171962,1184994,1185972,1188063,CVE-2020-13529,CVE-2021-33910 This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3291-1 Released: Wed Oct 6 16:45:36 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3310-1 Released: Wed Oct 6 18:12:41 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1134353,1184994,1188291,1188588,1188713,1189446,1189480 This update for systemd fixes the following issues: - Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353). - Multipath: Rules weren't applied to dm devices (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994). - Remove kernel unsupported single-queue block I/O. - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when updating active udev on sockets restart (bsc#1188291). - Merge of v246.16, for a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d - Drop 1007-tmpfiles-follow-SUSE-policies.patch: Since most of the tmpfiles config files shipped by upstream are ignored (see previous commit 'Drop most of the tmpfiles that deal with generic paths'), this patch is no more relevant. Additional fixes: - core: make sure cgroup_oom_queue is flushed on manager exit. - cgroup: do 'catchup' for unit cgroup inotify watch files. - journalctl: never fail at flushing when the flushed flag is set (bsc#1188588). - manager: reexecute on SIGRTMIN+25, user instances only. - manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446). - pid1: watchdog modernizations. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:3327-1 Released: Mon Oct 11 11:44:50 2021 Summary: Optional update for coreutils Type: optional Severity: low References: 1189454 This optional update for coreutils fixes the following issue: - Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3564-1 Released: Wed Oct 27 16:12:08 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1190850 This update for rpm-config-SUSE fixes the following issues: - Support ZSTD compressed kernel modules. (bsc#1190850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:827-1 Released: Mon Mar 14 16:06:48 2022 Summary: Recommended update for trento-premium Type: recommended Severity: moderate References: This update for trento-premium fixes the following issues: Release 0.9.1 Fixed: - Add /usr/sbin to the PATH for the execution [\#858](https://github.com/trento-project/trento/pull/858) (@arbulu89) - Associate attached database properly when the database name is resolved [\#854](https://github.com/trento-project/trento/pull/854) (@arbulu89) - Exclude diagnostics service sap systems [\#849](https://github.com/trento-project/trento/pull/849) (@arbulu89) The following package changes have been done: - file-magic-5.32-7.14.1 updated - libldap-data-2.4.46-9.58.1 updated - filesystem-15.0-11.5.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - glibc-2.31-150300.9.12.1 updated - libuuid1-2.36.2-150300.4.14.3 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libblkid1-2.36.2-150300.4.14.3 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libopenssl1_1-1.1.1d-11.38.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libz1-1.2.11-3.24.1 updated - libpcre1-8.45-20.10.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libgmp10-6.1.2-4.9.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libldap-2_4-2-2.4.46-9.58.1 updated - libmagic1-5.32-7.14.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libncurses6-6.1-5.9.1 updated - terminfo-base-6.1-5.9.1 updated - ncurses-utils-6.1-5.9.1 updated - libmount1-2.36.2-150300.4.14.3 updated - krb5-1.19.2-150300.8.3.2 updated - login_defs-4.8.1-150300.4.3.8 updated - libgcrypt20-1.8.2-8.42.1 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libcrack2-2.9.7-11.6.1 updated - libcurl4-7.66.0-4.27.1 updated - cracklib-2.9.7-11.6.1 updated - libsystemd0-246.16-150300.7.39.1 updated - coreutils-8.32-150300.3.5.1 updated - rpm-config-SUSE-1-5.6.1 updated - permissions-20181225-23.12.1 updated - pam-1.3.0-6.50.1 updated - shadow-4.8.1-150300.4.3.8 updated - system-group-hardware-20170617-17.3.1 updated - util-linux-2.36.2-150300.4.14.3 updated - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - golang-github-prometheus-node_exporter-1.1.2-3.9.3 added - trento-premium-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 updated - container:sles15-image-15.0.0-17.9.1 updated From sle-updates at lists.suse.com Fri Mar 18 20:16:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Mar 2022 21:16:42 +0100 (CET) Subject: SUSE-OU-2022:0902-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220318201642.0D35FF385@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:0902-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: argyllcms, csync Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-902=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-902=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): argyllcms-1.9.2-4.2.1 argyllcms-debuginfo-1.9.2-4.2.1 argyllcms-debugsource-1.9.2-4.2.1 csync-0.50.0-3.5.1 csync-debuginfo-0.50.0-3.5.1 csync-debugsource-0.50.0-3.5.1 libcsync-plugin-sftp-0.50.0-3.5.1 libcsync-plugin-sftp-debuginfo-0.50.0-3.5.1 libcsync-plugin-smb-0.50.0-3.5.1 libcsync-plugin-smb-debuginfo-0.50.0-3.5.1 libcsync0-0.50.0-3.5.1 libcsync0-debuginfo-0.50.0-3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): argyllcms-1.9.2-4.2.1 argyllcms-debuginfo-1.9.2-4.2.1 argyllcms-debugsource-1.9.2-4.2.1 csync-0.50.0-3.5.1 csync-debuginfo-0.50.0-3.5.1 csync-debugsource-0.50.0-3.5.1 libcsync-plugin-sftp-0.50.0-3.5.1 libcsync-plugin-sftp-debuginfo-0.50.0-3.5.1 libcsync-plugin-smb-0.50.0-3.5.1 libcsync-plugin-smb-debuginfo-0.50.0-3.5.1 libcsync0-0.50.0-3.5.1 libcsync0-debuginfo-0.50.0-3.5.1 References: From sle-updates at lists.suse.com Fri Mar 18 23:16:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 19 Mar 2022 00:16:20 +0100 (CET) Subject: SUSE-RU-2022:0904-1: moderate: Recommended update for go1.18 Message-ID: <20220318231620.D8175F37A@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0904-1 Rating: moderate References: #1193742 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for go1.18 fixes the following issues: go1.18 (released 2022-03-15) is a major release of Go. (boo#1193742) go1.18.x minor releases will be provided through February 2023, please see: https://github.com/golang/go/wiki/Go-Release-Cycle Go 1.18 is a significant release, including changes to the language, implementation of the toolchain, runtime, and libraries. Go 1.18 arrives seven months after Go 1.17. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * See release notes https://golang.org/doc/go1.18. Excerpts relevant to OBS environment and for SUSE/openSUSE follow: * Go 1.18 includes an implementation of generic features as described by the Type Parameters Proposal. This includes major but fully backward-compatible changes to the language. * The Go 1.18 compiler now correctly reports declared but not used errors for variables that are set inside a function literal but are never used. Before Go 1.18, the compiler did not report an error in such cases. This fixes long-outstanding compiler issue go#8560. * The Go 1.18 compiler now reports an overflow when passing a rune constant expression such as '1' << 32 as an argument to the predeclared functions print and println, consistent with the behavior of user-defined functions. Before Go 1.18, the compiler did not report an error in such cases but silently accepted such constant arguments if they fit into an int64. Since go vet always pointed out this error, the number of affected programs is likely very small. * AMD64: Go 1.18 introduces the new GOAMD64 environment variable, which selects at compile time a minimum target version of the AMD64 architecture. Allowed values are v1, v2, v3, or v4. Each higher level requires, and takes advantage of, additional processor features. A detailed description can be found here. The GOAMD64 environment variable defaults to v1. * RISC-V: The 64-bit RISC-V architecture on Linux (the linux/riscv64 port) now supports the c-archive and c-shared build modes. * Linux: Go 1.18 requires Linux kernel version 2.6.32 or later. * Fuzzing: Go 1.18 includes an implementation of fuzzing as described by the fuzzing proposal. See the fuzzing landing page to get started. Please be aware that fuzzing can consume a lot of memory and may impact your machine???s performance while it runs. * go get: go get no longer builds or installs packages in module-aware mode. go get is now dedicated to adjusting dependencies in go.mod. Effectively, the -d flag is always enabled. To install the latest version of an executable outside the context of the current module, use go install example.com/cmd at latest. Any version query may be used instead of latest. This form of go install was added in Go 1.16, so projects supporting older versions may need to provide install instructions for both go install and go get. go get now reports an error when used outside a module, since there is no go.mod file to update. In GOPATH mode (with GO111MODULE=off), go get still builds and installs packages, as before. * Automatic go.mod and go.sum updates: The go mod graph, go mod vendor, go mod verify, and go mod why subcommands no longer automatically update the go.mod and go.sum files. (Those files can be updated explicitly using go get, go mod tidy, or go mod download.) * go version: The go command now embeds version control information in binaries. It includes the currently checked-out revision, commit time, and a flag indicating whether edited or untracked files are present. Version control information is embedded if the go command is invoked in a directory within a Git, Mercurial, Fossil, or Bazaar repository, and the main package and its containing main module are in the same repository. This information may be omitted using the flag -buildvcs=false. Additionally, the go command embeds information about the build, including build and tool tags (set with -tags), compiler, assembler, and linker flags (like -gcflags), whether cgo was enabled, and if it was, the values of the cgo environment variables (like CGO_CFLAGS). Both VCS and build information may be read together with module information using go version -m file or runtime/debug.ReadBuildInfo (for the currently running binary) or the new debug/buildinfo package. The underlying data format of the embedded build information can change with new go releases, so an older version of go may not handle the build information produced with a newer version of go. To read the version information from a binary built with go 1.18, use the go version command and the debug/buildinfo package from go 1.18+. * go mod download: If the main module's go.mod file specifies go 1.17 or higher, go mod download without arguments now downloads source code for only the modules explicitly required in the main module's go.mod file. (In a go 1.17 or higher module, that set already includes all dependencies needed to build the packages and tests in the main module.) To also download source code for transitive dependencies, use go mod download all. * go mod vendor: The go mod vendor subcommand now supports a -o flag to set the output directory. (Other go commands still read from the vendor directory at the module root when loading packages with -mod=vendor, so the main use for this flag is for third-party tools that need to collect package source code.) * go mod tidy: The go mod tidy command now retains additional checksums in the go.sum file for modules whose source code is needed to verify that each imported package is provided by only one module in the build list. Because this condition is rare and failure to apply it results in a build error, this change is not conditioned on the go version in the main module's go.mod file. * go work: The go command now supports a "Workspace" mode. If a go.work file is found in the working directory or a parent directory, or one is specified using the GOWORK environment variable, it will put the go command into workspace mode. In workspace mode, the go.work file will be used to determine the set of main modules used as the roots for module resolution, instead of using the normally-found go.mod file to specify the single main module. For more information see the go work documentation. * go build -asan: The go build command and related commands now support an -asan flag that enables interoperation with C (or C++) code compiled with the address sanitizer (C compiler option -fsanitize=address). * //go:build lines: Go 1.17 introduced //go:build lines as a more readable way to write build constraints, instead of // +build lines. As of Go 1.17, gofmt adds //go:build lines to match existing +build lines and keeps them in sync, while go vet diagnoses when they are out of sync. Since the release of Go 1.18 marks the end of support for Go 1.16, all supported versions of Go now understand //go:build lines. In Go 1.18, go fix now removes the now-obsolete // +build lines in modules declaring go 1.17 or later in their go.mod files. For more information, see https://go.dev/design/draft-gobuild. * go vet: The vet tool is updated to support generic code. In most cases, it reports an error in generic code whenever it would report an error in the equivalent non-generic code after substituting for type parameters with a type from their type set. * go vet: The cmd/vet checkers copylock, printf, sortslice, testinggoroutine, and tests have all had moderate precision improvements to handle additional code patterns. This may lead to newly reported errors in existing packages. * Runtime: The garbage collector now includes non-heap sources of garbage collector work (e.g., stack scanning) when determining how frequently to run. As a result, garbage collector overhead is more predictable when these sources are significant. For most applications these changes will be negligible; however, some Go applications may now use less memory and spend more time on garbage collection, or vice versa, than before. The intended workaround is to tweak GOGC where necessary. The runtime now returns memory to the operating system more efficiently and has been tuned to work more aggressively as a result. * Compiler: Go 1.17 implemented a new way of passing function arguments and results using registers instead of the stack on 64-bit x86 architecture on selected operating systems. Go 1.18 expands the supported platforms to include 64-bit ARM (GOARCH=arm64), big- and little-endian 64-bit PowerPC (GOARCH=ppc64, ppc64le), as well as 64-bit x86 architecture (GOARCH=amd64) on all operating systems. On 64-bit ARM and 64-bit PowerPC systems, benchmarking shows typical performance improvements of 10% or more. As mentioned in the Go 1.17 release notes, this change does not affect the functionality of any safe Go code and is designed to have no impact on most assembly code. See the Go 1.17 release notes for more details. * Compiler: The compiler now can inline functions that contain range loops or labeled for loops. * Compiler: The new -asan compiler option supports the new go command -asan option. * Compiler: Because the compiler's type checker was replaced in its entirety to support generics, some error messages now may use different wording than before. In some cases, pre-Go 1.18 error messages provided more detail or were phrased in a more helpful way. We intend to address these cases in Go 1.19. Because of changes in the compiler related to supporting generics, the Go 1.18 compile speed can be roughly 15% slower than the Go 1.17 compile speed. The execution time of the compiled code is not affected. We intend to improve the speed of the compiler in Go 1.19. * Linker: The linker emits far fewer relocations. As a result, most codebases will link faster, require less memory to link, and generate smaller binaries. Tools that process Go binaries should use Go 1.18's debug/gosym package to transparently handle both old and new binaries. * Linker: The new -asan linker option supports the new go command -asan option. * Bootstrap: When building a Go release from source and GOROOT_BOOTSTRAP is not set, previous versions of Go looked for a Go 1.4 or later bootstrap toolchain in the directory $HOME/go1.4 (%HOMEDRIVE%%HOMEPATH%\go1.4 on Windows). Go now looks first for $HOME/go1.17 or $HOME/sdk/go1.17 before falling back to $HOME/go1.4. We intend for Go 1.19 to require Go 1.17 or later for bootstrap, and this change should make the transition smoother. For more details, see go#44505. * The new debug/buildinfo package provides access to module versions, version control information, and build flags embedded in executable files built by the go command. The same information is also available via runtime/debug.ReadBuildInfo for the currently running binary and via go version -m on the command line. * The new net/netip package defines a new IP address type, Addr. Compared to the existing net.IP type, the netip.Addr type takes less memory, is immutable, and is comparable so it supports == and can be used as a map key. * TLS 1.0 and 1.1 disabled by default client-side: If Config.MinVersion is not set, it now defaults to TLS 1.2 for client connections. Any safely up-to-date server is expected to support TLS 1.2, and browsers have required it since 2020. TLS 1.0 and 1.1 are still supported by setting Config.MinVersion to VersionTLS10. The server-side default is unchanged at TLS 1.0. The default can be temporarily reverted to TLS 1.0 by setting the GODEBUG=tls10default=1 environment variable. This option will be removed in Go 1.19. * Rejecting SHA-1 certificates: crypto/x509 will now reject certificates signed with the SHA-1 hash function. This doesn't apply to self-signed root certificates. Practical attacks against SHA-1 have been demonstrated since 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015. This can be temporarily reverted by setting the GODEBUG=x509sha1=1 environment variable. This option will be removed in Go 1.19. * crypto/elliptic The P224, P384, and P521 curve implementations are now all backed by code generated by the addchain and fiat-crypto projects, the latter of which is based on a formally-verified model of the arithmetic operations. They now use safer complete formulas and internal APIs. P-224 and P-384 are now approximately four times faster. All specific curve implementations are now constant-time. Operating on invalid curve points (those for which the IsOnCurve method returns false, and which are never returned by Unmarshal or a Curve method operating on a valid point) has always been undefined behavior, can lead to key recovery attacks, and is now unsupported by the new backend. If an invalid point is supplied to a P224, P384, or P521 method, that method will now return a random point. The behavior might change to an explicit panic in a future release. * crypto/tls: The new Conn.NetConn method allows access to the underlying net.Conn. * crypto/x509: Certificate.Verify now uses platform APIs to verify certificate validity on macOS and iOS when it is called with a nil VerifyOpts.Roots or when using the root pool returned from SystemCertPool. SystemCertPool is now available on Windows. * crypto/x509: CertPool.Subjects is deprecated. On Windows, macOS, and iOS the CertPool returned by SystemCertPool will return a pool which does not include system roots in the slice returned by Subjects, as a static list can't appropriately represent the platform policies and might not be available at all from the platform APIs. * crypto/x509: Support for signing certificates using signature algorithms that depend on the MD5 and SHA-1 hashes (MD5WithRSA, SHA1WithRSA, and ECDSAWithSHA1) may be removed in Go 1.19. * net/http: When looking up a domain name containing non-ASCII characters, the Unicode-to-ASCII conversion is now done in accordance with Nontransitional Processing as defined in the Unicode IDNA Compatibility Processing standard (UTS #46). The interpretation of four distinct runes are changed: ??, ??, zero-width joiner U+200D, and zero-width non-joiner U+200C. Nontransitional Processing is consistent with most applications and web browsers. * os/user: User.GroupIds now uses a Go native implementation when cgo is not available. * runtime/debug: The BuildInfo struct has two new fields, containing additional information about how the binary was built: GoVersion holds the version of Go used to build the binary. Settings is a slice of BuildSettings structs holding key/value pairs describing the build. * runtime/pprof: The CPU profiler now uses per-thread timers on Linux. This increases the maximum CPU usage that a profile can observe, and reduces some forms of bias. * syscall: The new function SyscallN has been introduced for Windows, allowing for calls with arbitrary number of arguments. As a result, Syscall, Syscall6, Syscall9, Syscall12, Syscall15, and Syscall18 are deprecated in favor of SyscallN. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-904=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18-1.8.1 go1.18-doc-1.18-1.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.18-race-1.18-1.8.1 References: https://bugzilla.suse.com/1193742 From sle-updates at lists.suse.com Sun Mar 20 08:40:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Mar 2022 09:40:29 +0100 (CET) Subject: SUSE-CU-2022:313-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20220320084029.2322DF385@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:313-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-4.2.29 , suse/sle-micro/5.2/toolbox:latest Container Release : 4.2.29 Severity : important Type : security References : 1029961 1113013 1161276 1162581 1169614 1172973 1172974 1174504 1174504 1176804 1177127 1177598 1180125 1181640 1181703 1182959 1182998 1183659 1184614 1185016 1185299 1185524 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187425 1187466 1187512 1187512 1187654 1187670 1187738 1187760 1188156 1188344 1188348 1188435 1188507 1188520 1188548 1188623 1188914 1189031 1189152 1189454 1189520 1189521 1189521 1189683 1190052 1190059 1190199 1190356 1190373 1190374 1190465 1190533 1190570 1190645 1190712 1190739 1190793 1190815 1190824 1190850 1190915 1190933 1191286 1191324 1191370 1191563 1191609 1191736 1191893 1191987 1192160 1192248 1192337 1192436 1192478 1192481 1192489 1192688 1192717 1192954 1193007 1193166 1193273 1193294 1193298 1193480 1193488 1193632 1193711 1194216 1194265 1194265 1194522 1194556 1194597 1194898 1194968 1194976 1195004 1195066 1195126 1195149 1195202 1195356 1195654 1195792 1195825 1195856 1196025 1196025 1196026 1196036 1196168 1196169 1196171 1196784 1196825 954813 CVE-2018-16301 CVE-2019-20838 CVE-2020-14155 CVE-2020-14370 CVE-2020-15157 CVE-2021-20199 CVE-2021-20291 CVE-2021-22946 CVE-2021-22947 CVE-2021-3602 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3927 CVE-2021-3928 CVE-2021-39537 CVE-2021-3984 CVE-2021-3995 CVE-2021-3996 CVE-2021-4019 CVE-2021-4024 CVE-2021-41190 CVE-2021-4193 CVE-2021-43618 CVE-2021-46059 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0361 CVE-2022-0413 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:51 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:3327-1 Released: Mon Oct 11 11:44:50 2021 Summary: Optional update for coreutils Type: optional Severity: low References: 1189454 This optional update for coreutils fixes the following issue: - Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check of signatures and keys two times(redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alives while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates(bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3564-1 Released: Wed Oct 27 16:12:08 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1190850 This update for rpm-config-SUSE fixes the following issues: - Support ZSTD compressed kernel modules. (bsc#1190850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: 23018 Released: Fri Mar 4 08:31:54 2022 Summary: Security update for conmon, libcontainers-common, libseccomp, podman Type: security Severity: moderate References: 1176804,1177598,1181640,1182998,1188520,1188914,1193166,1193273,CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602,CVE-2021-4024,CVE-2021-41190 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert '.cirrus.yml: use fresh images for all VMs' * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common at v0.38.16 * vendor containers/buildah at v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common at v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common at v0.38.14 * vendor containers/common at v0.38.13 * [3.2] vendor containers/common at v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common at v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common at v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common at v0.38.7 * [v3.2] vendor containers/common at v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage at v1.31.3 * vendor containers/common at v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:711-1 Released: Fri Mar 4 09:15:11 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:736-1 Released: Fri Mar 4 14:51:57 2022 Summary: Security update for vim Type: security Severity: important References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:771-1 Released: Wed Mar 9 09:27:07 2022 Summary: Recommended update for libseccomp Type: recommended Severity: moderate References: 1196825 This update for libseccomp fixes the following issues: - Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:774-1 Released: Wed Mar 9 10:52:10 2022 Summary: Security update for tcpdump Type: security Severity: moderate References: 1195825,CVE-2018-16301 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:836-1 Released: Tue Mar 15 07:47:48 2022 Summary: Recommended update for gdb Type: recommended Severity: moderate References: This update for gdb fixes the following issues: - Support for new IBM Z Hardware - GDB Part (jsc#SLE-22287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.32-150300.3.5.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - file-magic-5.32-7.14.1 updated - filesystem-15.0-11.5.1 updated - gdb-11.1-8.30.1 updated - glibc-locale-base-2.31-150300.20.7 updated - glibc-locale-2.31-150300.20.7 updated - glibc-2.31-150300.9.12.1 updated - krb5-1.19.2-150300.8.3.2 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libcrack2-2.9.7-11.6.1 updated - libcurl4-7.66.0-4.27.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.19.1 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libldap-2_4-2-2.4.46-9.58.1 updated - libldap-data-2.4.46-9.58.1 updated - libmagic1-5.32-7.14.1 updated - libmount1-2.36.2-150300.4.14.3 updated - libncurses6-6.1-5.9.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libopenssl1_1-1.1.1d-11.38.1 updated - libpcre1-8.45-20.10.1 updated - libprotobuf-lite20-3.9.2-4.9.1 added - libsasl2-3-2.1.27-150300.4.6.1 updated - libseccomp2-2.5.3-150300.10.8.1 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libsolv-tools-0.7.20-9.2 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-150300.7.39.1 updated - libudev1-246.16-150300.7.39.1 updated - libuuid1-2.36.2-150300.4.14.3 updated - libz1-1.2.11-3.24.1 updated - libzypp-17.29.3-27.1 updated - login_defs-4.8.1-150300.4.3.8 updated - ncurses-utils-6.1-5.9.1 updated - netcfg-11.6-3.3.1 updated - openssl-1_1-1.1.1d-11.38.1 updated - pam-1.3.0-6.50.1 updated - permissions-20181225-23.12.1 updated - rpm-config-SUSE-1-5.6.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - shadow-4.8.1-150300.4.3.8 updated - sudo-1.9.5p2-150300.3.3.1 updated - system-group-hardware-20170617-17.3.1 updated - systemd-presets-branding-SMO-20220103-150300.2.1 updated - tcpdump-4.9.2-3.18.1 updated - terminfo-base-6.1-5.9.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.36.2-150300.4.14.2 updated - util-linux-2.36.2-150300.4.14.3 updated - vim-data-common-8.0.1568-5.17.1 updated - vim-8.0.1568-5.17.1 updated - zypper-1.14.51-24.1 updated - container:sles15-image-15.0.0-17.9.1 updated From sle-updates at lists.suse.com Sun Mar 20 13:59:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Mar 2022 14:59:39 +0100 (CET) Subject: SUSE-CU-2022:314-1: Security update of ses/6/cephcsi/cephcsi Message-ID: <20220320135939.CC9C0F37A@maintenance.suse.de> SUSE Container Update Advisory: ses/6/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:314-1 Container Tags : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.583 , ses/6/cephcsi/cephcsi:latest Container Release : 1.5.583 Severity : critical Type : security References : 1027496 1029961 1082318 1099272 1113013 1115529 1128846 1153687 1162581 1162964 1171479 1172113 1173277 1174075 1174504 1174911 1177460 1180064 1180125 1180689 1180995 1181703 1181826 1182372 1182959 1183085 1183268 1183374 1183589 1183858 1183909 1184326 1184399 1184519 1184997 1185325 1185588 1186447 1186503 1186602 1187153 1187196 1187224 1187273 1187338 1187425 1187466 1187512 1187654 1187668 1187738 1187760 1187906 1187993 1188156 1188435 1188623 1188941 1189031 1189152 1189241 1189287 1189803 1189841 1189879 1189983 1189984 1190059 1190199 1190325 1190356 1190440 1190447 1190465 1190598 1190712 1190815 1190926 1190984 1191200 1191252 1191260 1191286 1191324 1191370 1191473 1191480 1191500 1191563 1191566 1191609 1191675 1191690 1191804 1191922 1192161 1192248 1192267 1192337 1192436 1192688 1192717 1192790 1193007 1193170 1193480 1193481 1193488 1193521 1193625 1193759 1193805 1193841 1193845 1193907 1193913 1194172 1194229 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194597 1194640 1194661 1194768 1194770 1194898 1195054 1195149 1195217 1195258 1195326 1195468 1195560 1195654 1195792 1195856 1196025 1196025 1196026 1196036 1196168 1196169 1196171 1196784 1196877 1197004 954813 CVE-2015-8985 CVE-2016-10228 CVE-2020-12762 CVE-2020-14367 CVE-2020-29361 CVE-2021-20294 CVE-2021-22570 CVE-2021-33430 CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVE-2021-3999 CVE-2021-41496 CVE-2021-43527 CVE-2021-43618 CVE-2021-45960 CVE-2021-46143 CVE-2022-0778 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:305-1 Released: Thu Feb 4 15:00:37 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the base products. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3643-1 Released: Tue Nov 9 19:32:18 2021 Summary: Security update for binutils Type: security Severity: moderate References: 1183909,1184519,1188941,1191473,1192267,CVE-2021-20294 This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). Security issue fixed: - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3781-1 Released: Tue Nov 23 23:48:43 2021 Summary: This update for libzypp, zypper and libsolv fixes the following issues: Type: recommended Severity: moderate References: 1153687,1182372,1183268,1183589,1184326,1184399,1184997,1185325,1186447,1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190356,1190465,1190712,1190815,1191286,1191324,1191370,1191609,1192337,1192436 This update for zypper fixes the following issues: - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Let a patch's reboot-needed flag overrule included packages. (bsc#1183268) - Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687) - Protect against strict/relaxed user umask via sudo. (bsc#1183589) - xml summary: Add solvables repository alias. (bsc#1182372) - Allow trusted repos to add additional signing keys. (bsc#1184326) - MediaCurl: Fix logging of redirects. - Let negative values wait forever for the zypp lock. (bsc#1184399) - Fix 'purge-kernels' is broken in Leap 15.3. (bsc#1185325) - Fix service detection with cgroupv2. (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -pie (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default. (jsc#PM-2645) - Fix solver jobs for PTFs. (bsc#1186503) - choice rules: treat orphaned packages as newest. (bc#1190465) - Add need reboot/restart hint to XML install summary. (bsc#1188435) - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix obs:// platform guessing for Leap. (bsc#1187425) - Fix purge-kernels fails. (bsc#1187738) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Prompt: choose exact match if prompt options are not prefix free. (bsc#1188156) - Do not check of signatures and keys two times(redundant). (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved. (bsc#1187760) - Show key fpr from signature when signature check fails. (bsc#1187224) - Make sure to keep states alives while transitioning. (bsc#1190199) - Fix crashes in logging code when shutting down. (bsc#1189031) - Manpage: Improve description about patch updates. (bsc#1187466) - Avoid calling 'su' to detect a too restrictive sudo user umask. (bsc#1186602) - Consolidate reboot-recommendations across tools and stop using /etc/zypp/needreboot (jsc#-SLE-18858) - Disable logger in the child after fork (bsc#1192436) - Check log writer before accessing it (bsc#1192337) - Allow uname-r format in purge kernels keepspec - zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324) - Fix translations (bsc#1191370) - RepoManager: Don't probe for plaindir repo if URL schema is plugin (bsc#1191286) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3787-1 Released: Wed Nov 24 06:00:10 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1189983,1189984,1191500,1191566,1191675 This update for xfsprogs fixes the following issues: - Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566) - Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675) - xfs_io: include support for label command (bsc#1191500) - xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983) - xfs_admin: add support for external log devices (bsc#1189984) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3798-1 Released: Wed Nov 24 18:01:36 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: This update for gcc7 fixes the following issues: - Fixed a build issue when built with recent kernel headers. - Backport the '-fpatchable-function-entry' feature from newer GCC. (jsc#SLE-20049) - do not handle exceptions in std::thread (jsc#CAR-1182) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix unitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into seperate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3869-1 Released: Thu Dec 2 07:10:09 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1189841,1189879,1190598,1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: - rpm-script: fix bad exit status in OpenQA (bsc#1191922) - cert-script: Deal with existing $cert.delete file (bsc#1191804) - cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480) - cert-script: Only print mokutil output in verbose mode - inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200) - kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260) - rpm-script: link config also into /boot (bsc#1189879) - Import kernel scriptlets from kernel-source (bsc#1189841, bsc#1190598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3930-1 Released: Mon Dec 6 11:16:10 2021 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1192790 This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3934-1 Released: Mon Dec 6 13:22:27 2021 Summary: Security update for mozilla-nss Type: security Severity: important References: 1193170,CVE-2021-43527 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3987-1 Released: Fri Dec 10 06:09:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4015-1 Released: Mon Dec 13 17:16:00 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187338,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374) - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4017-1 Released: Tue Dec 14 07:26:55 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_1 fixes the following issues: - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameters consistently with our other codestreams (bsc#1180995) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:49-1 Released: Tue Jan 11 09:19:15 2022 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:57-1 Released: Wed Jan 12 07:10:42 2022 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1193488,954813 This update for libzypp fixes the following issues: - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:72-1 Released: Thu Jan 13 16:13:36 2022 Summary: Recommended update for mozilla-nss and MozillaFirefox Type: recommended Severity: important References: 1193845 This update for mozilla-nss and MozillaFirefox fix the following issues: mozilla-nss: - Update from version 3.68.1 to 3.68.2 (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation MozillaFirefox: - Firefox Extended Support Release 91.4.1 ESR (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:134-1 Released: Thu Jan 20 10:02:15 2022 Summary: Security update for python-numpy Type: security Severity: moderate References: 1193907,1193913,CVE-2021-33430,CVE-2021-41496 This update for python-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:473-1 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:572-1 Released: Thu Feb 24 11:58:05 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:701-1 Released: Thu Mar 3 17:45:33 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - binutils-2.37-7.26.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.5.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - keyutils-1.6.3-5.6.1 updated - libapparmor1-2.12.3-7.25.2 updated - libaugeas0-1.10.1-3.9.1 updated - libctf-nobfd0-2.37-7.26.1 updated - libctf0-2.37-7.26.1 updated - libcurl4-7.60.0-28.1 updated - libexpat1-2.2.5-3.19.1 updated - libfreebl3-3.68.2-3.64.2 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-1.8.2-8.42.1 updated - libgfortran4-7.5.0+r278197-4.30.1 updated - libgmp10-6.1.2-4.9.1 updated - libjson-c3-0.13-3.3.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-1.1.0i-14.27.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite15-3.5.0-5.5.1 added - libpython3_6m1_0-3.6.15-3.91.3 updated - libquadmath0-11.2.1+git610-1.3.9 updated - libsasl2-3-2.1.26-5.10.1 updated - libsoftokn3-3.68.2-3.64.2 updated - libsolv-tools-0.7.20-4.3.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-234-24.105.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.105.1 updated - libz1-1.2.11-3.26.10 updated - libzypp-17.29.4-3.73.1 updated - mozilla-nss-certs-3.68.2-3.64.2 updated - mozilla-nss-3.68.2-3.64.2 updated - nfs-client-2.1.1-10.21.1 updated - nfs-kernel-server-2.1.1-10.21.1 updated - openssl-1_1-1.1.0i-14.27.1 updated - p11-kit-tools-0.23.2-4.13.1 updated - p11-kit-0.23.2-4.13.1 updated - procps-3.3.15-7.22.1 updated - psmisc-23.0-6.19.1 updated - python3-base-3.6.15-3.91.3 updated - python3-numpy-1.17.3-10.1 updated - python3-3.6.15-3.91.4 updated - sudo-1.8.27-4.24.1 updated - suse-module-tools-15.1.24-3.22.1 updated - systemd-234-24.105.1 updated - timezone-2021e-75.4.1 updated - udev-234-24.105.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - xfsprogs-4.15.0-4.52.1 updated - zypper-1.14.51-3.52.1 updated - container:sles15-image-15.0.0-6.2.587 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Sun Mar 20 14:03:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Mar 2022 15:03:18 +0100 (CET) Subject: SUSE-CU-2022:315-1: Security update of ses/6/ceph/ceph Message-ID: <20220320140318.B4380F385@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:315-1 Container Tags : ses/6/ceph/ceph:14.2.22.445 , ses/6/ceph/ceph:14.2.22.445.1.5.578 , ses/6/ceph/ceph:latest Container Release : 1.5.578 Severity : critical Type : security References : 1027496 1029961 1082318 1099272 1113013 1115529 1128846 1153687 1162581 1162964 1171479 1172113 1173277 1174075 1174504 1174911 1177460 1180064 1180125 1180689 1180995 1181703 1181826 1182372 1182959 1183085 1183268 1183374 1183589 1183858 1183909 1184326 1184399 1184519 1184997 1185325 1185588 1186447 1186503 1186602 1187153 1187196 1187224 1187273 1187338 1187425 1187466 1187512 1187654 1187668 1187738 1187760 1187906 1187993 1188156 1188435 1188623 1188941 1189031 1189152 1189241 1189287 1189803 1189841 1189879 1189983 1189984 1190059 1190199 1190325 1190356 1190440 1190447 1190465 1190598 1190712 1190815 1190926 1190984 1191200 1191252 1191260 1191286 1191324 1191370 1191473 1191480 1191500 1191563 1191566 1191609 1191675 1191690 1191804 1191922 1192161 1192248 1192267 1192337 1192436 1192688 1192717 1192790 1193007 1193170 1193480 1193481 1193488 1193521 1193625 1193759 1193805 1193841 1193845 1193907 1193913 1194172 1194229 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194597 1194640 1194661 1194768 1194770 1194898 1195054 1195149 1195217 1195258 1195326 1195468 1195560 1195654 1195792 1195856 1196025 1196025 1196026 1196036 1196168 1196169 1196171 1196784 1196877 1197004 954813 CVE-2015-8985 CVE-2016-10228 CVE-2020-12762 CVE-2020-14367 CVE-2020-29361 CVE-2021-20294 CVE-2021-22570 CVE-2021-33430 CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVE-2021-3999 CVE-2021-41496 CVE-2021-43527 CVE-2021-43618 CVE-2021-45960 CVE-2021-46143 CVE-2022-0778 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:305-1 Released: Thu Feb 4 15:00:37 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the base products. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3643-1 Released: Tue Nov 9 19:32:18 2021 Summary: Security update for binutils Type: security Severity: moderate References: 1183909,1184519,1188941,1191473,1192267,CVE-2021-20294 This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). Security issue fixed: - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3781-1 Released: Tue Nov 23 23:48:43 2021 Summary: This update for libzypp, zypper and libsolv fixes the following issues: Type: recommended Severity: moderate References: 1153687,1182372,1183268,1183589,1184326,1184399,1184997,1185325,1186447,1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190356,1190465,1190712,1190815,1191286,1191324,1191370,1191609,1192337,1192436 This update for zypper fixes the following issues: - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Let a patch's reboot-needed flag overrule included packages. (bsc#1183268) - Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687) - Protect against strict/relaxed user umask via sudo. (bsc#1183589) - xml summary: Add solvables repository alias. (bsc#1182372) - Allow trusted repos to add additional signing keys. (bsc#1184326) - MediaCurl: Fix logging of redirects. - Let negative values wait forever for the zypp lock. (bsc#1184399) - Fix 'purge-kernels' is broken in Leap 15.3. (bsc#1185325) - Fix service detection with cgroupv2. (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -pie (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default. (jsc#PM-2645) - Fix solver jobs for PTFs. (bsc#1186503) - choice rules: treat orphaned packages as newest. (bc#1190465) - Add need reboot/restart hint to XML install summary. (bsc#1188435) - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix obs:// platform guessing for Leap. (bsc#1187425) - Fix purge-kernels fails. (bsc#1187738) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Prompt: choose exact match if prompt options are not prefix free. (bsc#1188156) - Do not check of signatures and keys two times(redundant). (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved. (bsc#1187760) - Show key fpr from signature when signature check fails. (bsc#1187224) - Make sure to keep states alives while transitioning. (bsc#1190199) - Fix crashes in logging code when shutting down. (bsc#1189031) - Manpage: Improve description about patch updates. (bsc#1187466) - Avoid calling 'su' to detect a too restrictive sudo user umask. (bsc#1186602) - Consolidate reboot-recommendations across tools and stop using /etc/zypp/needreboot (jsc#-SLE-18858) - Disable logger in the child after fork (bsc#1192436) - Check log writer before accessing it (bsc#1192337) - Allow uname-r format in purge kernels keepspec - zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324) - Fix translations (bsc#1191370) - RepoManager: Don't probe for plaindir repo if URL schema is plugin (bsc#1191286) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3787-1 Released: Wed Nov 24 06:00:10 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1189983,1189984,1191500,1191566,1191675 This update for xfsprogs fixes the following issues: - Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566) - Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675) - xfs_io: include support for label command (bsc#1191500) - xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983) - xfs_admin: add support for external log devices (bsc#1189984) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3798-1 Released: Wed Nov 24 18:01:36 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: This update for gcc7 fixes the following issues: - Fixed a build issue when built with recent kernel headers. - Backport the '-fpatchable-function-entry' feature from newer GCC. (jsc#SLE-20049) - do not handle exceptions in std::thread (jsc#CAR-1182) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix unitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into seperate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3869-1 Released: Thu Dec 2 07:10:09 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1189841,1189879,1190598,1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: - rpm-script: fix bad exit status in OpenQA (bsc#1191922) - cert-script: Deal with existing $cert.delete file (bsc#1191804) - cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480) - cert-script: Only print mokutil output in verbose mode - inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200) - kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260) - rpm-script: link config also into /boot (bsc#1189879) - Import kernel scriptlets from kernel-source (bsc#1189841, bsc#1190598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3930-1 Released: Mon Dec 6 11:16:10 2021 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1192790 This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3934-1 Released: Mon Dec 6 13:22:27 2021 Summary: Security update for mozilla-nss Type: security Severity: important References: 1193170,CVE-2021-43527 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3987-1 Released: Fri Dec 10 06:09:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4015-1 Released: Mon Dec 13 17:16:00 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187338,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374) - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4017-1 Released: Tue Dec 14 07:26:55 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_1 fixes the following issues: - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameters consistently with our other codestreams (bsc#1180995) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:49-1 Released: Tue Jan 11 09:19:15 2022 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:57-1 Released: Wed Jan 12 07:10:42 2022 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1193488,954813 This update for libzypp fixes the following issues: - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:72-1 Released: Thu Jan 13 16:13:36 2022 Summary: Recommended update for mozilla-nss and MozillaFirefox Type: recommended Severity: important References: 1193845 This update for mozilla-nss and MozillaFirefox fix the following issues: mozilla-nss: - Update from version 3.68.1 to 3.68.2 (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation MozillaFirefox: - Firefox Extended Support Release 91.4.1 ESR (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:134-1 Released: Thu Jan 20 10:02:15 2022 Summary: Security update for python-numpy Type: security Severity: moderate References: 1193907,1193913,CVE-2021-33430,CVE-2021-41496 This update for python-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:473-1 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:572-1 Released: Thu Feb 24 11:58:05 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:701-1 Released: Thu Mar 3 17:45:33 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - binutils-2.37-7.26.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.5.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - keyutils-1.6.3-5.6.1 updated - libapparmor1-2.12.3-7.25.2 updated - libaugeas0-1.10.1-3.9.1 updated - libctf-nobfd0-2.37-7.26.1 updated - libctf0-2.37-7.26.1 updated - libcurl4-7.60.0-28.1 updated - libexpat1-2.2.5-3.19.1 updated - libfreebl3-3.68.2-3.64.2 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-1.8.2-8.42.1 updated - libgfortran4-7.5.0+r278197-4.30.1 updated - libgmp10-6.1.2-4.9.1 updated - libjson-c3-0.13-3.3.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-1.1.0i-14.27.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite15-3.5.0-5.5.1 added - libpython3_6m1_0-3.6.15-3.91.3 updated - libquadmath0-11.2.1+git610-1.3.9 updated - libsasl2-3-2.1.26-5.10.1 updated - libsoftokn3-3.68.2-3.64.2 updated - libsolv-tools-0.7.20-4.3.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-234-24.105.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.105.1 updated - libz1-1.2.11-3.26.10 updated - libzypp-17.29.4-3.73.1 updated - mozilla-nss-certs-3.68.2-3.64.2 updated - mozilla-nss-3.68.2-3.64.2 updated - nfs-client-2.1.1-10.21.1 updated - nfs-kernel-server-2.1.1-10.21.1 updated - openssl-1_1-1.1.0i-14.27.1 updated - p11-kit-tools-0.23.2-4.13.1 updated - p11-kit-0.23.2-4.13.1 updated - procps-3.3.15-7.22.1 updated - psmisc-23.0-6.19.1 updated - python3-base-3.6.15-3.91.3 updated - python3-numpy-1.17.3-10.1 updated - python3-3.6.15-3.91.4 updated - sudo-1.8.27-4.24.1 updated - suse-module-tools-15.1.24-3.22.1 updated - systemd-234-24.105.1 updated - timezone-2021e-75.4.1 updated - udev-234-24.105.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - xfsprogs-4.15.0-4.52.1 updated - zypper-1.14.51-3.52.1 updated - container:sles15-image-15.0.0-6.2.587 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Sun Mar 20 14:07:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 20 Mar 2022 15:07:07 +0100 (CET) Subject: SUSE-CU-2022:316-1: Security update of ses/6/rook/ceph Message-ID: <20220320140707.642DCF385@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:316-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.568 , ses/6/rook/ceph:latest Container Release : 1.5.568 Severity : critical Type : security References : 1027496 1029961 1082318 1099272 1113013 1115529 1128846 1153687 1162581 1162964 1171479 1172113 1173277 1174075 1174504 1174911 1177460 1180064 1180125 1180689 1180995 1181703 1181826 1182372 1182959 1183085 1183268 1183374 1183589 1183858 1183909 1184326 1184399 1184519 1184997 1185325 1185588 1186447 1186503 1186602 1187153 1187196 1187224 1187273 1187338 1187425 1187466 1187512 1187654 1187668 1187738 1187760 1187906 1187993 1188156 1188435 1188623 1188941 1189031 1189152 1189241 1189287 1189803 1189841 1189879 1189983 1189984 1190059 1190199 1190325 1190356 1190440 1190447 1190465 1190598 1190712 1190815 1190926 1190984 1191200 1191252 1191260 1191286 1191324 1191370 1191473 1191480 1191500 1191563 1191566 1191609 1191675 1191690 1191804 1191922 1192161 1192248 1192267 1192337 1192436 1192688 1192717 1192790 1193007 1193170 1193480 1193481 1193488 1193521 1193625 1193759 1193805 1193841 1193845 1193907 1193913 1194172 1194229 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194597 1194640 1194661 1194768 1194770 1194898 1195054 1195149 1195217 1195258 1195326 1195468 1195560 1195654 1195792 1195856 1196025 1196025 1196026 1196036 1196168 1196169 1196171 1196784 1196877 1197004 954813 CVE-2015-8985 CVE-2016-10228 CVE-2020-12762 CVE-2020-14367 CVE-2020-29361 CVE-2021-20294 CVE-2021-22570 CVE-2021-33430 CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVE-2021-3999 CVE-2021-41496 CVE-2021-43527 CVE-2021-43618 CVE-2021-45960 CVE-2021-46143 CVE-2022-0778 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:305-1 Released: Thu Feb 4 15:00:37 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the base products. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3643-1 Released: Tue Nov 9 19:32:18 2021 Summary: Security update for binutils Type: security Severity: moderate References: 1183909,1184519,1188941,1191473,1192267,CVE-2021-20294 This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). Security issue fixed: - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3781-1 Released: Tue Nov 23 23:48:43 2021 Summary: This update for libzypp, zypper and libsolv fixes the following issues: Type: recommended Severity: moderate References: 1153687,1182372,1183268,1183589,1184326,1184399,1184997,1185325,1186447,1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190356,1190465,1190712,1190815,1191286,1191324,1191370,1191609,1192337,1192436 This update for zypper fixes the following issues: - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Let a patch's reboot-needed flag overrule included packages. (bsc#1183268) - Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687) - Protect against strict/relaxed user umask via sudo. (bsc#1183589) - xml summary: Add solvables repository alias. (bsc#1182372) - Allow trusted repos to add additional signing keys. (bsc#1184326) - MediaCurl: Fix logging of redirects. - Let negative values wait forever for the zypp lock. (bsc#1184399) - Fix 'purge-kernels' is broken in Leap 15.3. (bsc#1185325) - Fix service detection with cgroupv2. (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -pie (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default. (jsc#PM-2645) - Fix solver jobs for PTFs. (bsc#1186503) - choice rules: treat orphaned packages as newest. (bc#1190465) - Add need reboot/restart hint to XML install summary. (bsc#1188435) - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix obs:// platform guessing for Leap. (bsc#1187425) - Fix purge-kernels fails. (bsc#1187738) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Prompt: choose exact match if prompt options are not prefix free. (bsc#1188156) - Do not check of signatures and keys two times(redundant). (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved. (bsc#1187760) - Show key fpr from signature when signature check fails. (bsc#1187224) - Make sure to keep states alives while transitioning. (bsc#1190199) - Fix crashes in logging code when shutting down. (bsc#1189031) - Manpage: Improve description about patch updates. (bsc#1187466) - Avoid calling 'su' to detect a too restrictive sudo user umask. (bsc#1186602) - Consolidate reboot-recommendations across tools and stop using /etc/zypp/needreboot (jsc#-SLE-18858) - Disable logger in the child after fork (bsc#1192436) - Check log writer before accessing it (bsc#1192337) - Allow uname-r format in purge kernels keepspec - zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324) - Fix translations (bsc#1191370) - RepoManager: Don't probe for plaindir repo if URL schema is plugin (bsc#1191286) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3787-1 Released: Wed Nov 24 06:00:10 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1189983,1189984,1191500,1191566,1191675 This update for xfsprogs fixes the following issues: - Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566) - Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675) - xfs_io: include support for label command (bsc#1191500) - xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983) - xfs_admin: add support for external log devices (bsc#1189984) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3798-1 Released: Wed Nov 24 18:01:36 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: This update for gcc7 fixes the following issues: - Fixed a build issue when built with recent kernel headers. - Backport the '-fpatchable-function-entry' feature from newer GCC. (jsc#SLE-20049) - do not handle exceptions in std::thread (jsc#CAR-1182) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix unitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into seperate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3869-1 Released: Thu Dec 2 07:10:09 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1189841,1189879,1190598,1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: - rpm-script: fix bad exit status in OpenQA (bsc#1191922) - cert-script: Deal with existing $cert.delete file (bsc#1191804) - cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480) - cert-script: Only print mokutil output in verbose mode - inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200) - kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260) - rpm-script: link config also into /boot (bsc#1189879) - Import kernel scriptlets from kernel-source (bsc#1189841, bsc#1190598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3930-1 Released: Mon Dec 6 11:16:10 2021 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1192790 This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3934-1 Released: Mon Dec 6 13:22:27 2021 Summary: Security update for mozilla-nss Type: security Severity: important References: 1193170,CVE-2021-43527 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3987-1 Released: Fri Dec 10 06:09:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4015-1 Released: Mon Dec 13 17:16:00 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187338,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374) - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4017-1 Released: Tue Dec 14 07:26:55 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_1 fixes the following issues: - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameters consistently with our other codestreams (bsc#1180995) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:49-1 Released: Tue Jan 11 09:19:15 2022 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:57-1 Released: Wed Jan 12 07:10:42 2022 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1193488,954813 This update for libzypp fixes the following issues: - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:72-1 Released: Thu Jan 13 16:13:36 2022 Summary: Recommended update for mozilla-nss and MozillaFirefox Type: recommended Severity: important References: 1193845 This update for mozilla-nss and MozillaFirefox fix the following issues: mozilla-nss: - Update from version 3.68.1 to 3.68.2 (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation MozillaFirefox: - Firefox Extended Support Release 91.4.1 ESR (bsc#1193845) - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:134-1 Released: Thu Jan 20 10:02:15 2022 Summary: Security update for python-numpy Type: security Severity: moderate References: 1193907,1193913,CVE-2021-33430,CVE-2021-41496 This update for python-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:473-1 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:572-1 Released: Thu Feb 24 11:58:05 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:701-1 Released: Thu Mar 3 17:45:33 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - binutils-2.37-7.26.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.5.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - keyutils-1.6.3-5.6.1 updated - libapparmor1-2.12.3-7.25.2 updated - libaugeas0-1.10.1-3.9.1 updated - libctf-nobfd0-2.37-7.26.1 updated - libctf0-2.37-7.26.1 updated - libcurl4-7.60.0-28.1 updated - libexpat1-2.2.5-3.19.1 updated - libfreebl3-3.68.2-3.64.2 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-1.8.2-8.42.1 updated - libgfortran4-7.5.0+r278197-4.30.1 updated - libgmp10-6.1.2-4.9.1 updated - libjson-c3-0.13-3.3.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-1.1.0i-14.27.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite15-3.5.0-5.5.1 added - libpython3_6m1_0-3.6.15-3.91.3 updated - libquadmath0-11.2.1+git610-1.3.9 updated - libsasl2-3-2.1.26-5.10.1 updated - libsoftokn3-3.68.2-3.64.2 updated - libsolv-tools-0.7.20-4.3.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-234-24.105.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.105.1 updated - libz1-1.2.11-3.26.10 updated - libzypp-17.29.4-3.73.1 updated - mozilla-nss-certs-3.68.2-3.64.2 updated - mozilla-nss-3.68.2-3.64.2 updated - nfs-client-2.1.1-10.21.1 updated - nfs-kernel-server-2.1.1-10.21.1 updated - openssl-1_1-1.1.0i-14.27.1 updated - p11-kit-tools-0.23.2-4.13.1 updated - p11-kit-0.23.2-4.13.1 updated - procps-3.3.15-7.22.1 updated - psmisc-23.0-6.19.1 updated - python3-base-3.6.15-3.91.3 updated - python3-numpy-1.17.3-10.1 updated - python3-3.6.15-3.91.4 updated - sudo-1.8.27-4.24.1 updated - suse-module-tools-15.1.24-3.22.1 updated - systemd-234-24.105.1 updated - timezone-2021e-75.4.1 updated - udev-234-24.105.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - xfsprogs-4.15.0-4.52.1 updated - zypper-1.14.51-3.52.1 updated - container:sles15-image-15.0.0-6.2.587 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Mon Mar 21 11:17:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 12:17:56 +0100 (CET) Subject: SUSE-RU-2022:0905-1: important: Recommended update for util-linux Message-ID: <20220321111756.72817F385@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0905-1 Rating: important References: #1172427 #1194642 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-905=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-905=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-905=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.36.2-150300.4.17.1 util-linux-systemd-debugsource-2.36.2-150300.4.17.1 uuidd-2.36.2-150300.4.17.1 uuidd-debuginfo-2.36.2-150300.4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.36.2-150300.4.17.1 libblkid-devel-static-2.36.2-150300.4.17.1 libblkid1-2.36.2-150300.4.17.1 libblkid1-debuginfo-2.36.2-150300.4.17.1 libfdisk-devel-2.36.2-150300.4.17.1 libfdisk1-2.36.2-150300.4.17.1 libfdisk1-debuginfo-2.36.2-150300.4.17.1 libmount-devel-2.36.2-150300.4.17.1 libmount1-2.36.2-150300.4.17.1 libmount1-debuginfo-2.36.2-150300.4.17.1 libsmartcols-devel-2.36.2-150300.4.17.1 libsmartcols1-2.36.2-150300.4.17.1 libsmartcols1-debuginfo-2.36.2-150300.4.17.1 libuuid-devel-2.36.2-150300.4.17.1 libuuid-devel-static-2.36.2-150300.4.17.1 libuuid1-2.36.2-150300.4.17.1 libuuid1-debuginfo-2.36.2-150300.4.17.1 util-linux-2.36.2-150300.4.17.1 util-linux-debuginfo-2.36.2-150300.4.17.1 util-linux-debugsource-2.36.2-150300.4.17.1 util-linux-systemd-2.36.2-150300.4.17.1 util-linux-systemd-debuginfo-2.36.2-150300.4.17.1 util-linux-systemd-debugsource-2.36.2-150300.4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libblkid1-32bit-2.36.2-150300.4.17.1 libblkid1-32bit-debuginfo-2.36.2-150300.4.17.1 libmount1-32bit-2.36.2-150300.4.17.1 libmount1-32bit-debuginfo-2.36.2-150300.4.17.1 libuuid1-32bit-2.36.2-150300.4.17.1 libuuid1-32bit-debuginfo-2.36.2-150300.4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): util-linux-lang-2.36.2-150300.4.17.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libblkid1-2.36.2-150300.4.17.1 libblkid1-debuginfo-2.36.2-150300.4.17.1 libfdisk1-2.36.2-150300.4.17.1 libfdisk1-debuginfo-2.36.2-150300.4.17.1 libmount1-2.36.2-150300.4.17.1 libmount1-debuginfo-2.36.2-150300.4.17.1 libsmartcols1-2.36.2-150300.4.17.1 libsmartcols1-debuginfo-2.36.2-150300.4.17.1 libuuid1-2.36.2-150300.4.17.1 libuuid1-debuginfo-2.36.2-150300.4.17.1 util-linux-2.36.2-150300.4.17.1 util-linux-debuginfo-2.36.2-150300.4.17.1 util-linux-debugsource-2.36.2-150300.4.17.1 util-linux-systemd-2.36.2-150300.4.17.1 util-linux-systemd-debuginfo-2.36.2-150300.4.17.1 util-linux-systemd-debugsource-2.36.2-150300.4.17.1 References: https://bugzilla.suse.com/1172427 https://bugzilla.suse.com/1194642 From sle-updates at lists.suse.com Mon Mar 21 14:16:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 15:16:50 +0100 (CET) Subject: SUSE-SU-2022:0909-1: important: Security update for glibc Message-ID: <20220321141650.9DEB7F37A@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0909-1 Rating: important References: #1194640 #1194768 #1194770 Cross-References: CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 CVSS scores: CVE-2021-3999 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23218 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-23219 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for glibc fixes the following issues: - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for "unix" (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-909=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-909=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-909=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-909=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-909=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-909=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-909=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): glibc-2.22-119.1 glibc-32bit-2.22-119.1 glibc-debuginfo-2.22-119.1 glibc-debuginfo-32bit-2.22-119.1 glibc-debugsource-2.22-119.1 glibc-devel-2.22-119.1 glibc-devel-32bit-2.22-119.1 glibc-devel-debuginfo-2.22-119.1 glibc-devel-debuginfo-32bit-2.22-119.1 glibc-locale-2.22-119.1 glibc-locale-32bit-2.22-119.1 glibc-locale-debuginfo-2.22-119.1 glibc-locale-debuginfo-32bit-2.22-119.1 glibc-profile-2.22-119.1 glibc-profile-32bit-2.22-119.1 nscd-2.22-119.1 nscd-debuginfo-2.22-119.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): glibc-html-2.22-119.1 glibc-i18ndata-2.22-119.1 glibc-info-2.22-119.1 - SUSE OpenStack Cloud 8 (x86_64): glibc-2.22-119.1 glibc-32bit-2.22-119.1 glibc-debuginfo-2.22-119.1 glibc-debuginfo-32bit-2.22-119.1 glibc-debugsource-2.22-119.1 glibc-devel-2.22-119.1 glibc-devel-32bit-2.22-119.1 glibc-devel-debuginfo-2.22-119.1 glibc-devel-debuginfo-32bit-2.22-119.1 glibc-locale-2.22-119.1 glibc-locale-32bit-2.22-119.1 glibc-locale-debuginfo-2.22-119.1 glibc-locale-debuginfo-32bit-2.22-119.1 glibc-profile-2.22-119.1 glibc-profile-32bit-2.22-119.1 nscd-2.22-119.1 nscd-debuginfo-2.22-119.1 - SUSE OpenStack Cloud 8 (noarch): glibc-html-2.22-119.1 glibc-i18ndata-2.22-119.1 glibc-info-2.22-119.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): glibc-2.22-119.1 glibc-debuginfo-2.22-119.1 glibc-debugsource-2.22-119.1 glibc-devel-2.22-119.1 glibc-devel-debuginfo-2.22-119.1 glibc-locale-2.22-119.1 glibc-locale-debuginfo-2.22-119.1 glibc-profile-2.22-119.1 nscd-2.22-119.1 nscd-debuginfo-2.22-119.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): glibc-32bit-2.22-119.1 glibc-debuginfo-32bit-2.22-119.1 glibc-devel-32bit-2.22-119.1 glibc-devel-debuginfo-32bit-2.22-119.1 glibc-locale-32bit-2.22-119.1 glibc-locale-debuginfo-32bit-2.22-119.1 glibc-profile-32bit-2.22-119.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): glibc-html-2.22-119.1 glibc-i18ndata-2.22-119.1 glibc-info-2.22-119.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): glibc-2.22-119.1 glibc-debuginfo-2.22-119.1 glibc-debugsource-2.22-119.1 glibc-devel-2.22-119.1 glibc-devel-debuginfo-2.22-119.1 glibc-locale-2.22-119.1 glibc-locale-debuginfo-2.22-119.1 glibc-profile-2.22-119.1 nscd-2.22-119.1 nscd-debuginfo-2.22-119.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): glibc-32bit-2.22-119.1 glibc-debuginfo-32bit-2.22-119.1 glibc-devel-32bit-2.22-119.1 glibc-devel-debuginfo-32bit-2.22-119.1 glibc-locale-32bit-2.22-119.1 glibc-locale-debuginfo-32bit-2.22-119.1 glibc-profile-32bit-2.22-119.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glibc-html-2.22-119.1 glibc-i18ndata-2.22-119.1 glibc-info-2.22-119.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): glibc-2.22-119.1 glibc-32bit-2.22-119.1 glibc-debuginfo-2.22-119.1 glibc-debuginfo-32bit-2.22-119.1 glibc-debugsource-2.22-119.1 glibc-devel-2.22-119.1 glibc-devel-32bit-2.22-119.1 glibc-devel-debuginfo-2.22-119.1 glibc-devel-debuginfo-32bit-2.22-119.1 glibc-locale-2.22-119.1 glibc-locale-32bit-2.22-119.1 glibc-locale-debuginfo-2.22-119.1 glibc-locale-debuginfo-32bit-2.22-119.1 glibc-profile-2.22-119.1 glibc-profile-32bit-2.22-119.1 nscd-2.22-119.1 nscd-debuginfo-2.22-119.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): glibc-html-2.22-119.1 glibc-i18ndata-2.22-119.1 glibc-info-2.22-119.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glibc-html-2.22-119.1 glibc-i18ndata-2.22-119.1 glibc-info-2.22-119.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glibc-2.22-119.1 glibc-32bit-2.22-119.1 glibc-debuginfo-2.22-119.1 glibc-debuginfo-32bit-2.22-119.1 glibc-debugsource-2.22-119.1 glibc-devel-2.22-119.1 glibc-devel-32bit-2.22-119.1 glibc-devel-debuginfo-2.22-119.1 glibc-devel-debuginfo-32bit-2.22-119.1 glibc-locale-2.22-119.1 glibc-locale-32bit-2.22-119.1 glibc-locale-debuginfo-2.22-119.1 glibc-locale-debuginfo-32bit-2.22-119.1 glibc-profile-2.22-119.1 glibc-profile-32bit-2.22-119.1 nscd-2.22-119.1 nscd-debuginfo-2.22-119.1 - HPE Helion Openstack 8 (x86_64): glibc-2.22-119.1 glibc-32bit-2.22-119.1 glibc-debuginfo-2.22-119.1 glibc-debuginfo-32bit-2.22-119.1 glibc-debugsource-2.22-119.1 glibc-devel-2.22-119.1 glibc-devel-32bit-2.22-119.1 glibc-devel-debuginfo-2.22-119.1 glibc-devel-debuginfo-32bit-2.22-119.1 glibc-locale-2.22-119.1 glibc-locale-32bit-2.22-119.1 glibc-locale-debuginfo-2.22-119.1 glibc-locale-debuginfo-32bit-2.22-119.1 glibc-profile-2.22-119.1 glibc-profile-32bit-2.22-119.1 nscd-2.22-119.1 nscd-debuginfo-2.22-119.1 - HPE Helion Openstack 8 (noarch): glibc-html-2.22-119.1 glibc-i18ndata-2.22-119.1 glibc-info-2.22-119.1 References: https://www.suse.com/security/cve/CVE-2021-3999.html https://www.suse.com/security/cve/CVE-2022-23218.html https://www.suse.com/security/cve/CVE-2022-23219.html https://bugzilla.suse.com/1194640 https://bugzilla.suse.com/1194768 https://bugzilla.suse.com/1194770 From sle-updates at lists.suse.com Mon Mar 21 14:18:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 15:18:09 +0100 (CET) Subject: SUSE-SU-2022:0908-1: important: Security update for bind Message-ID: <20220321141809.8D963F37A@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0908-1 Rating: important References: #1197135 Cross-References: CVE-2021-25220 CVSS scores: CVE-2021-25220 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-908=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-908=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-908=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-908=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-908=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-908=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): bind-9.11.22-3.40.1 bind-chrootenv-9.11.22-3.40.1 bind-debuginfo-9.11.22-3.40.1 bind-debugsource-9.11.22-3.40.1 bind-utils-9.11.22-3.40.1 bind-utils-debuginfo-9.11.22-3.40.1 libbind9-161-9.11.22-3.40.1 libbind9-161-debuginfo-9.11.22-3.40.1 libdns1110-9.11.22-3.40.1 libdns1110-debuginfo-9.11.22-3.40.1 libirs161-9.11.22-3.40.1 libirs161-debuginfo-9.11.22-3.40.1 libisc1107-32bit-9.11.22-3.40.1 libisc1107-9.11.22-3.40.1 libisc1107-debuginfo-32bit-9.11.22-3.40.1 libisc1107-debuginfo-9.11.22-3.40.1 libisccc161-9.11.22-3.40.1 libisccc161-debuginfo-9.11.22-3.40.1 libisccfg163-9.11.22-3.40.1 libisccfg163-debuginfo-9.11.22-3.40.1 liblwres161-9.11.22-3.40.1 liblwres161-debuginfo-9.11.22-3.40.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): bind-doc-9.11.22-3.40.1 python-bind-9.11.22-3.40.1 - SUSE OpenStack Cloud 9 (noarch): bind-doc-9.11.22-3.40.1 python-bind-9.11.22-3.40.1 - SUSE OpenStack Cloud 9 (x86_64): bind-9.11.22-3.40.1 bind-chrootenv-9.11.22-3.40.1 bind-debuginfo-9.11.22-3.40.1 bind-debugsource-9.11.22-3.40.1 bind-utils-9.11.22-3.40.1 bind-utils-debuginfo-9.11.22-3.40.1 libbind9-161-9.11.22-3.40.1 libbind9-161-debuginfo-9.11.22-3.40.1 libdns1110-9.11.22-3.40.1 libdns1110-debuginfo-9.11.22-3.40.1 libirs161-9.11.22-3.40.1 libirs161-debuginfo-9.11.22-3.40.1 libisc1107-32bit-9.11.22-3.40.1 libisc1107-9.11.22-3.40.1 libisc1107-debuginfo-32bit-9.11.22-3.40.1 libisc1107-debuginfo-9.11.22-3.40.1 libisccc161-9.11.22-3.40.1 libisccc161-debuginfo-9.11.22-3.40.1 libisccfg163-9.11.22-3.40.1 libisccfg163-debuginfo-9.11.22-3.40.1 liblwres161-9.11.22-3.40.1 liblwres161-debuginfo-9.11.22-3.40.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.22-3.40.1 bind-debugsource-9.11.22-3.40.1 bind-devel-9.11.22-3.40.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bind-9.11.22-3.40.1 bind-chrootenv-9.11.22-3.40.1 bind-debuginfo-9.11.22-3.40.1 bind-debugsource-9.11.22-3.40.1 bind-utils-9.11.22-3.40.1 bind-utils-debuginfo-9.11.22-3.40.1 libbind9-161-9.11.22-3.40.1 libbind9-161-debuginfo-9.11.22-3.40.1 libdns1110-9.11.22-3.40.1 libdns1110-debuginfo-9.11.22-3.40.1 libirs161-9.11.22-3.40.1 libirs161-debuginfo-9.11.22-3.40.1 libisc1107-9.11.22-3.40.1 libisc1107-debuginfo-9.11.22-3.40.1 libisccc161-9.11.22-3.40.1 libisccc161-debuginfo-9.11.22-3.40.1 libisccfg163-9.11.22-3.40.1 libisccfg163-debuginfo-9.11.22-3.40.1 liblwres161-9.11.22-3.40.1 liblwres161-debuginfo-9.11.22-3.40.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): bind-doc-9.11.22-3.40.1 python-bind-9.11.22-3.40.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libisc1107-32bit-9.11.22-3.40.1 libisc1107-debuginfo-32bit-9.11.22-3.40.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bind-9.11.22-3.40.1 bind-chrootenv-9.11.22-3.40.1 bind-debuginfo-9.11.22-3.40.1 bind-debugsource-9.11.22-3.40.1 bind-utils-9.11.22-3.40.1 bind-utils-debuginfo-9.11.22-3.40.1 libbind9-161-9.11.22-3.40.1 libbind9-161-debuginfo-9.11.22-3.40.1 libdns1110-9.11.22-3.40.1 libdns1110-debuginfo-9.11.22-3.40.1 libirs161-9.11.22-3.40.1 libirs161-debuginfo-9.11.22-3.40.1 libisc1107-9.11.22-3.40.1 libisc1107-debuginfo-9.11.22-3.40.1 libisccc161-9.11.22-3.40.1 libisccc161-debuginfo-9.11.22-3.40.1 libisccfg163-9.11.22-3.40.1 libisccfg163-debuginfo-9.11.22-3.40.1 liblwres161-9.11.22-3.40.1 liblwres161-debuginfo-9.11.22-3.40.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libisc1107-32bit-9.11.22-3.40.1 libisc1107-debuginfo-32bit-9.11.22-3.40.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bind-doc-9.11.22-3.40.1 python-bind-9.11.22-3.40.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bind-9.11.22-3.40.1 bind-chrootenv-9.11.22-3.40.1 bind-debuginfo-9.11.22-3.40.1 bind-debugsource-9.11.22-3.40.1 bind-utils-9.11.22-3.40.1 bind-utils-debuginfo-9.11.22-3.40.1 libbind9-161-9.11.22-3.40.1 libbind9-161-debuginfo-9.11.22-3.40.1 libdns1110-9.11.22-3.40.1 libdns1110-debuginfo-9.11.22-3.40.1 libirs161-9.11.22-3.40.1 libirs161-debuginfo-9.11.22-3.40.1 libisc1107-9.11.22-3.40.1 libisc1107-debuginfo-9.11.22-3.40.1 libisccc161-9.11.22-3.40.1 libisccc161-debuginfo-9.11.22-3.40.1 libisccfg163-9.11.22-3.40.1 libisccfg163-debuginfo-9.11.22-3.40.1 liblwres161-9.11.22-3.40.1 liblwres161-debuginfo-9.11.22-3.40.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libisc1107-32bit-9.11.22-3.40.1 libisc1107-debuginfo-32bit-9.11.22-3.40.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): bind-doc-9.11.22-3.40.1 python-bind-9.11.22-3.40.1 References: https://www.suse.com/security/cve/CVE-2021-25220.html https://bugzilla.suse.com/1197135 From sle-updates at lists.suse.com Mon Mar 21 14:18:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 15:18:45 +0100 (CET) Subject: SUSE-SU-2022:0906-1: important: Security update for MozillaThunderbird Message-ID: <20220321141845.5BB5DF37A@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0906-1 Rating: important References: #1196900 Cross-References: CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Updated to version 91.7 (bsc#1196900): - CVE-2022-26381: Fixed an invalid memory access due to text reflow when SVG objects were present. - CVE-2022-26383: Fixed an issue where, when resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. - CVE-2022-26384: Fixed an iframe XSS sandbox bypass when allow-popups was used on the iframe. - CVE-2022-26386: Fixed an issue where downloadable temporary files were accessible to other local users. - CVE-2022-26387: Fixed a potential add-on signature verification bypass due to a race condition. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-906=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-906=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-906=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-906=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-91.7.0-150200.8.62.7 MozillaThunderbird-debuginfo-91.7.0-150200.8.62.7 MozillaThunderbird-debugsource-91.7.0-150200.8.62.7 MozillaThunderbird-translations-common-91.7.0-150200.8.62.7 MozillaThunderbird-translations-other-91.7.0-150200.8.62.7 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.7.0-150200.8.62.7 MozillaThunderbird-debuginfo-91.7.0-150200.8.62.7 MozillaThunderbird-debugsource-91.7.0-150200.8.62.7 MozillaThunderbird-translations-common-91.7.0-150200.8.62.7 MozillaThunderbird-translations-other-91.7.0-150200.8.62.7 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-91.7.0-150200.8.62.7 MozillaThunderbird-debuginfo-91.7.0-150200.8.62.7 MozillaThunderbird-debugsource-91.7.0-150200.8.62.7 MozillaThunderbird-translations-common-91.7.0-150200.8.62.7 MozillaThunderbird-translations-other-91.7.0-150200.8.62.7 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.7.0-150200.8.62.7 MozillaThunderbird-debuginfo-91.7.0-150200.8.62.7 MozillaThunderbird-debugsource-91.7.0-150200.8.62.7 MozillaThunderbird-translations-common-91.7.0-150200.8.62.7 MozillaThunderbird-translations-other-91.7.0-150200.8.62.7 References: https://www.suse.com/security/cve/CVE-2022-26381.html https://www.suse.com/security/cve/CVE-2022-26383.html https://www.suse.com/security/cve/CVE-2022-26384.html https://www.suse.com/security/cve/CVE-2022-26386.html https://www.suse.com/security/cve/CVE-2022-26387.html https://bugzilla.suse.com/1196900 From sle-updates at lists.suse.com Mon Mar 21 14:19:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 15:19:24 +0100 (CET) Subject: SUSE-SU-2022:0910-1: moderate: Security update for kernel-firmware Message-ID: <20220321141924.A6A31F37A@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0910-1 Rating: moderate References: #1195786 Cross-References: CVE-2021-33139 CVE-2021-33155 CVSS scores: CVE-2021-33139 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33139 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33155 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33155 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for kernel-firmware fixes the following issues: Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786): - CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-910=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-910=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-910=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-910=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-910=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-firmware-20190618-5.22.1 ucode-amd-20190618-5.22.1 - SUSE OpenStack Cloud 9 (noarch): kernel-firmware-20190618-5.22.1 ucode-amd-20190618-5.22.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-firmware-20190618-5.22.1 ucode-amd-20190618-5.22.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-firmware-20190618-5.22.1 ucode-amd-20190618-5.22.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-firmware-20190618-5.22.1 ucode-amd-20190618-5.22.1 References: https://www.suse.com/security/cve/CVE-2021-33139.html https://www.suse.com/security/cve/CVE-2021-33155.html https://bugzilla.suse.com/1195786 From sle-updates at lists.suse.com Mon Mar 21 14:20:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 15:20:02 +0100 (CET) Subject: SUSE-SU-2022:14923-1: important: Security update for glibc Message-ID: <20220321142002.BD4B9F385@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14923-1 Rating: important References: #1193615 #1193616 #1194640 #1194768 #1194770 Cross-References: CVE-2015-8982 CVE-2015-8983 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 CVSS scores: CVE-2015-8982 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-8982 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-8983 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2021-3999 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23218 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-23219 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for glibc fixes the following issues: - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for "unix" (bsc#1194768, BZ #22542) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770, BZ #28768) - CVE-2021-3999: Fixed in getcwd to set errno to ERANGE for size == 1 (bsc#1194640, BZ #28769) - CVE-2015-8983: Fixed _IO_wstr_overflow integer overflow (bsc#1193615, BZ #17269) - CVE-2015-8982: Fixed memory handling in strxfrm_l (bsc#1193616, BZ #16009) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-glibc-14923=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-glibc-14923=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-14923=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-14923=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 i686 ppc64 s390x x86_64): glibc-2.11.3-17.110.40.1 glibc-devel-2.11.3-17.110.40.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): glibc-html-2.11.3-17.110.40.1 glibc-i18ndata-2.11.3-17.110.40.1 glibc-info-2.11.3-17.110.40.1 glibc-locale-2.11.3-17.110.40.1 glibc-profile-2.11.3-17.110.40.1 nscd-2.11.3-17.110.40.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.110.40.1 glibc-devel-32bit-2.11.3-17.110.40.1 glibc-locale-32bit-2.11.3-17.110.40.1 glibc-profile-32bit-2.11.3-17.110.40.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686): glibc-2.11.3-17.110.40.1 glibc-devel-2.11.3-17.110.40.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): glibc-html-2.11.3-17.110.40.1 glibc-i18ndata-2.11.3-17.110.40.1 glibc-info-2.11.3-17.110.40.1 glibc-locale-2.11.3-17.110.40.1 glibc-profile-2.11.3-17.110.40.1 nscd-2.11.3-17.110.40.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i686 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.110.40.1 glibc-debugsource-2.11.3-17.110.40.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.40.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i686 s390x x86_64): glibc-debuginfo-2.11.3-17.110.40.1 glibc-debugsource-2.11.3-17.110.40.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.40.1 References: https://www.suse.com/security/cve/CVE-2015-8982.html https://www.suse.com/security/cve/CVE-2015-8983.html https://www.suse.com/security/cve/CVE-2021-3999.html https://www.suse.com/security/cve/CVE-2022-23218.html https://www.suse.com/security/cve/CVE-2022-23219.html https://bugzilla.suse.com/1193615 https://bugzilla.suse.com/1193616 https://bugzilla.suse.com/1194640 https://bugzilla.suse.com/1194768 https://bugzilla.suse.com/1194770 From sle-updates at lists.suse.com Mon Mar 21 17:17:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 18:17:03 +0100 (CET) Subject: SUSE-FU-2022:0911-1: moderate: Feature update for libbluray Message-ID: <20220321171703.95A00F386@maintenance.suse.de> SUSE Feature Update: Feature update for libbluray ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0911-1 Rating: moderate References: SLE-23838 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This feature update for libbluray fixes the following issues: Update to version 1.3.0 (jsc#SLE-23838): - Remove unused dependencies from pkgconfig(libbluray) - Enable build against java-devel >= 10. - Add functions to list and read BD-ROM files. - Add initial support for .fmts files. - Add initial support for OpenJDK 11. - Add initial support for UHD disc BD-J menus. - Add support for AWT mouse events (BD-J). - Add support for compiling .jar file with Java 9+ compiler. - Add support for separate key pressed / typed / released user input events. - Enable playback without menus when index.bdmv is missing. - Fix JVM bootstrap issues with some Java 9 versions. - Fix build with Java 1.6. - Fix build with OpenJDK 12 / 13. - Fix creating organization and disc specific BD-J BUDA directories. - Fix memory leak - Fix loading classes with Windows Java 8. - Fix loading libmmbd in Windows 64-bit. - Fix long delay in "Evangelion, You are (not) alone" menu. - Fix mark triggering when multiple marks are passed during single read(). - Fix playback of discs without normal titles (only TopMenu / FirstPlay title). - Fix playback of some broken BD-J discs. - Fix polygon-based BD-J graphics primitives. - Fix reading resources indirectly from mounted .jar file. - Fix resetting user-selected streams when playing without menus. - Fix seek bar pop-up at chapter boundary with some discs. - Fix sign extended bytes when reading single bytes in BDJ. - Fix stack overflow when using Java9+ with debugger connection. - Improve BD-J compability. - Improve JVM and .jar file probing. - Improve Java 8+ compability. - Improve UHD metadata support. - Improve error resilience and stability. - Improve main title selection. - Improve missing/broken playlist handling. - Improve portability. - Move AWT classes to separate .jar file. - Rename list_titles to bd_list_titles and add it to installed programs. - Update libudfread submodule repository URL. - Use external libudfread when available. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-911=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libbluray-debugsource-1.3.0-150300.10.3.1 libbluray-devel-1.3.0-150300.10.3.1 libbluray2-1.3.0-150300.10.3.1 libbluray2-debuginfo-1.3.0-150300.10.3.1 References: From sle-updates at lists.suse.com Mon Mar 21 17:17:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 18:17:55 +0100 (CET) Subject: SUSE-SU-2022:0050-2: important: Security update for net-snmp Message-ID: <20220321171755.0B8CEF386@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0050-2 Rating: important References: #1027353 #1081164 #1102775 #1108471 #1111122 #1116807 #1140341 #1145864 #1152968 #1174961 #1178021 #1178351 #1179009 #1179699 #1181591 SLE-6120 Cross-References: CVE-2018-18065 CVE-2020-15862 CVSS scores: CVE-2018-18065 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-18065 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-15862 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-15862 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves two vulnerabilities, contains one feature and has 13 fixes is now available. Description: This update for net-snmp fixes the following issues: - CVE-2020-15862: Make extended MIB read-only (bsc#1174961) - CVE-2018-18065: Fix remote DoS in agent/helpers/table.c (bsc#1111122) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-50=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-50=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-50=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-50=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-50=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-50=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-50=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-50=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-50=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-50=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Manager Proxy 4.1 (x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://www.suse.com/security/cve/CVE-2020-15862.html https://bugzilla.suse.com/1027353 https://bugzilla.suse.com/1081164 https://bugzilla.suse.com/1102775 https://bugzilla.suse.com/1108471 https://bugzilla.suse.com/1111122 https://bugzilla.suse.com/1116807 https://bugzilla.suse.com/1140341 https://bugzilla.suse.com/1145864 https://bugzilla.suse.com/1152968 https://bugzilla.suse.com/1174961 https://bugzilla.suse.com/1178021 https://bugzilla.suse.com/1178351 https://bugzilla.suse.com/1179009 https://bugzilla.suse.com/1179699 https://bugzilla.suse.com/1181591 From sle-updates at lists.suse.com Mon Mar 21 20:17:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 21:17:09 +0100 (CET) Subject: SUSE-SU-2022:14924-1: important: Security update for apache2 Message-ID: <20220321201709.4B0C2F386@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14924-1 Rating: important References: #1197095 #1197096 Cross-References: CVE-2022-22720 CVE-2022-22721 CVSS scores: CVE-2022-22720 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22720 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-22721 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22721 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-apache2-14924=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-apache2-14924=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-14924=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-apache2-14924=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): apache2-2.2.34-70.41.1 apache2-doc-2.2.34-70.41.1 apache2-example-pages-2.2.34-70.41.1 apache2-prefork-2.2.34-70.41.1 apache2-utils-2.2.34-70.41.1 apache2-worker-2.2.34-70.41.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-2.2.34-70.41.1 apache2-devel-2.2.34-70.41.1 apache2-doc-2.2.34-70.41.1 apache2-example-pages-2.2.34-70.41.1 apache2-prefork-2.2.34-70.41.1 apache2-utils-2.2.34-70.41.1 apache2-worker-2.2.34-70.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): apache2-debuginfo-2.2.34-70.41.1 apache2-debugsource-2.2.34-70.41.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): apache2-debuginfo-2.2.34-70.41.1 apache2-debugsource-2.2.34-70.41.1 References: https://www.suse.com/security/cve/CVE-2022-22720.html https://www.suse.com/security/cve/CVE-2022-22721.html https://bugzilla.suse.com/1197095 https://bugzilla.suse.com/1197096 From sle-updates at lists.suse.com Mon Mar 21 20:18:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 21:18:19 +0100 (CET) Subject: SUSE-SU-2022:0915-1: moderate: Security update for lapack Message-ID: <20220321201819.E0629F386@maintenance.suse.de> SUSE Security Update: Security update for lapack ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0915-1 Rating: moderate References: #1193562 Cross-References: CVE-2021-4048 CVSS scores: CVE-2021-4048 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-4048 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for lapack fixes the following issues: - CVE-2021-4048: Fixed an out of bounds read when user input was not validated properly (bsc#1193562). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-915=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-915=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-915=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): blas-devel-3.5.0-4.6.1 lapack-debugsource-3.5.0-4.6.1 lapack-devel-3.5.0-4.6.1 libblas3-3.5.0-4.6.1 libblas3-debuginfo-3.5.0-4.6.1 liblapack3-3.5.0-4.6.1 liblapack3-debuginfo-3.5.0-4.6.1 liblapacke3-3.5.0-4.6.1 liblapacke3-debuginfo-3.5.0-4.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): lapack-debugsource-3.5.0-4.6.1 liblapacke3-3.5.0-4.6.1 liblapacke3-debuginfo-3.5.0-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): blas-devel-3.5.0-4.6.1 lapack-debugsource-3.5.0-4.6.1 lapack-devel-3.5.0-4.6.1 libblas3-3.5.0-4.6.1 libblas3-debuginfo-3.5.0-4.6.1 liblapack3-3.5.0-4.6.1 liblapack3-debuginfo-3.5.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2021-4048.html https://bugzilla.suse.com/1193562 From sle-updates at lists.suse.com Mon Mar 21 20:18:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 21:18:54 +0100 (CET) Subject: SUSE-SU-2022:0913-1: moderate: Security update for lapack Message-ID: <20220321201854.EF1FCF386@maintenance.suse.de> SUSE Security Update: Security update for lapack ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0913-1 Rating: moderate References: #1193562 Cross-References: CVE-2021-4048 CVSS scores: CVE-2021-4048 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-4048 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for lapack fixes the following issues: - CVE-2021-4048: Fixed an out of bounds read when user input was not validated properly (bsc#1193562). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-913=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-913=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): blas-devel-3.5.0-3.9.1 blas-devel-static-3.5.0-3.9.1 lapack-debugsource-3.5.0-3.9.1 lapack-devel-3.5.0-3.9.1 lapack-devel-static-3.5.0-3.9.1 lapacke-devel-3.5.0-3.9.1 lapacke-devel-static-3.5.0-3.9.1 liblapacke3-3.5.0-3.9.1 liblapacke3-debuginfo-3.5.0-3.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): lapack-debugsource-3.5.0-3.9.1 libblas3-3.5.0-3.9.1 libblas3-debuginfo-3.5.0-3.9.1 liblapack3-3.5.0-3.9.1 liblapack3-debuginfo-3.5.0-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-4048.html https://bugzilla.suse.com/1193562 From sle-updates at lists.suse.com Mon Mar 21 20:19:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 21:19:34 +0100 (CET) Subject: SUSE-SU-2022:0918-1: important: Security update for apache2 Message-ID: <20220321201934.E8C59F386@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0918-1 Rating: important References: #1197091 #1197095 #1197096 #1197098 Cross-References: CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVSS scores: CVE-2022-22719 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22719 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22720 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22720 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-22721 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22721 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-23943 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23943 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-918=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-918=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-918=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-918=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-918=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-918=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-918=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-918=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-918=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-918=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-918=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): apache2-doc-2.4.23-29.88.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): apache2-doc-2.4.23-29.88.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - SUSE OpenStack Cloud 9 (noarch): apache2-doc-2.4.23-29.88.1 - SUSE OpenStack Cloud 9 (x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - SUSE OpenStack Cloud 8 (noarch): apache2-doc-2.4.23-29.88.1 - SUSE OpenStack Cloud 8 (x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): apache2-doc-2.4.23-29.88.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): apache2-doc-2.4.23-29.88.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): apache2-doc-2.4.23-29.88.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): apache2-doc-2.4.23-29.88.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): apache2-doc-2.4.23-29.88.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.88.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - HPE Helion Openstack 8 (x86_64): apache2-2.4.23-29.88.1 apache2-debuginfo-2.4.23-29.88.1 apache2-debugsource-2.4.23-29.88.1 apache2-example-pages-2.4.23-29.88.1 apache2-prefork-2.4.23-29.88.1 apache2-prefork-debuginfo-2.4.23-29.88.1 apache2-utils-2.4.23-29.88.1 apache2-utils-debuginfo-2.4.23-29.88.1 apache2-worker-2.4.23-29.88.1 apache2-worker-debuginfo-2.4.23-29.88.1 - HPE Helion Openstack 8 (noarch): apache2-doc-2.4.23-29.88.1 References: https://www.suse.com/security/cve/CVE-2022-22719.html https://www.suse.com/security/cve/CVE-2022-22720.html https://www.suse.com/security/cve/CVE-2022-22721.html https://www.suse.com/security/cve/CVE-2022-23943.html https://bugzilla.suse.com/1197091 https://bugzilla.suse.com/1197095 https://bugzilla.suse.com/1197096 https://bugzilla.suse.com/1197098 From sle-updates at lists.suse.com Mon Mar 21 20:21:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 21:21:51 +0100 (CET) Subject: SUSE-RU-2022:0912-1: Recommended update for google-droid-fonts Message-ID: <20220321202151.1FEF1F386@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-droid-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0912-1 Rating: low References: #1190886 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-droid-fonts fixes the following issue: - Use newest DroidSansFallback.ttf and DroidSansMono.ttf (bsc#1190886). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-912=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-912=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-912=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-912=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-912=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-912=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-912=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-912=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-912=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-912=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-912=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-912=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): google-droid-fonts-20121204-3.6.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): google-droid-fonts-20121204-3.6.1 - SUSE OpenStack Cloud 9 (noarch): google-droid-fonts-20121204-3.6.1 - SUSE OpenStack Cloud 8 (noarch): google-droid-fonts-20121204-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): google-droid-fonts-20121204-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): google-droid-fonts-20121204-3.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): google-droid-fonts-20121204-3.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): google-droid-fonts-20121204-3.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): google-droid-fonts-20121204-3.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): google-droid-fonts-20121204-3.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): google-droid-fonts-20121204-3.6.1 - HPE Helion Openstack 8 (noarch): google-droid-fonts-20121204-3.6.1 References: https://bugzilla.suse.com/1190886 From sle-updates at lists.suse.com Mon Mar 21 20:22:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Mar 2022 21:22:30 +0100 (CET) Subject: SUSE-RU-2022:0914-1: Recommended update for qemu Message-ID: <20220321202230.F230FF386@maintenance.suse.de> SUSE Recommended Update: Recommended update for qemu ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0914-1 Rating: low References: Affected Products: SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for qemu fixes the following issues: Increased the build version number to avoid downgrade issues. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-914=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-914=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): qemu-ipxe-1.0.0+-150200.66.3 qemu-microvm-4.2.1-150200.66.3 qemu-seabios-1.12.1+-150200.66.3 qemu-sgabios-8-150200.66.3 qemu-vgabios-1.12.1+-150200.66.3 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): qemu-4.2.1-150200.66.3 qemu-audio-alsa-4.2.1-150200.66.3 qemu-audio-alsa-debuginfo-4.2.1-150200.66.3 qemu-audio-pa-4.2.1-150200.66.3 qemu-audio-pa-debuginfo-4.2.1-150200.66.3 qemu-block-curl-4.2.1-150200.66.3 qemu-block-curl-debuginfo-4.2.1-150200.66.3 qemu-block-iscsi-4.2.1-150200.66.3 qemu-block-iscsi-debuginfo-4.2.1-150200.66.3 qemu-block-rbd-4.2.1-150200.66.3 qemu-block-rbd-debuginfo-4.2.1-150200.66.3 qemu-block-ssh-4.2.1-150200.66.3 qemu-block-ssh-debuginfo-4.2.1-150200.66.3 qemu-debuginfo-4.2.1-150200.66.3 qemu-debugsource-4.2.1-150200.66.3 qemu-guest-agent-4.2.1-150200.66.3 qemu-guest-agent-debuginfo-4.2.1-150200.66.3 qemu-kvm-4.2.1-150200.66.3 qemu-lang-4.2.1-150200.66.3 qemu-tools-4.2.1-150200.66.3 qemu-tools-debuginfo-4.2.1-150200.66.3 qemu-ui-curses-4.2.1-150200.66.3 qemu-ui-curses-debuginfo-4.2.1-150200.66.3 qemu-ui-gtk-4.2.1-150200.66.3 qemu-ui-gtk-debuginfo-4.2.1-150200.66.3 qemu-ui-spice-app-4.2.1-150200.66.3 qemu-ui-spice-app-debuginfo-4.2.1-150200.66.3 qemu-x86-4.2.1-150200.66.3 qemu-x86-debuginfo-4.2.1-150200.66.3 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): qemu-4.2.1-150200.66.3 qemu-debuginfo-4.2.1-150200.66.3 qemu-debugsource-4.2.1-150200.66.3 qemu-tools-4.2.1-150200.66.3 qemu-tools-debuginfo-4.2.1-150200.66.3 - SUSE Linux Enterprise Micro 5.0 (aarch64): qemu-arm-4.2.1-150200.66.3 qemu-arm-debuginfo-4.2.1-150200.66.3 - SUSE Linux Enterprise Micro 5.0 (noarch): qemu-ipxe-1.0.0+-150200.66.3 qemu-seabios-1.12.1+-150200.66.3 qemu-sgabios-8-150200.66.3 qemu-vgabios-1.12.1+-150200.66.3 - SUSE Linux Enterprise Micro 5.0 (x86_64): qemu-x86-4.2.1-150200.66.3 qemu-x86-debuginfo-4.2.1-150200.66.3 References: From sle-updates at lists.suse.com Mon Mar 21 23:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:16:39 +0100 (CET) Subject: SUSE-RU-2022:0921-1: Test update for SUSE:SLE-15-SP4:Update (retracted) Message-ID: <20220321231639.D7628F46D@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-15-SP4:Update (retracted) ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0921-1 Rating: low References: #1194507 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a retracted test update for SUSE:SLE-15-SP4:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-921=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-test-retracted-5.1-150200.35.1 References: https://bugzilla.suse.com/1194507 From sle-updates at lists.suse.com Mon Mar 21 23:17:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:17:41 +0100 (CET) Subject: SUSE-RU-2022:0920-1: Test update for SUSE:SLE-15-SP4:Update (affects-package-manager) Message-ID: <20220321231741.BCA18F46D@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-15-SP4:Update (affects-package-manager) ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0920-1 Rating: low References: #1194507 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a affects-package-manager test update for SUSE:SLE-15-SP4:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-920=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-test-affects-package-manager-5.1-150200.35.1 References: https://bugzilla.suse.com/1194507 From sle-updates at lists.suse.com Mon Mar 21 23:18:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:18:14 +0100 (CET) Subject: SUSE-OU-2022:0922-1: Test update for SUSE:SLE-15-SP4:Update (optional) Message-ID: <20220321231814.DF8A9F46D@maintenance.suse.de> SUSE Optional Update: Test update for SUSE:SLE-15-SP4:Update (optional) ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:0922-1 Rating: low References: #1194507 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This is a optional test update for SUSE:SLE-15-SP4:Update Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-922=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-test-optional-5.1-150200.35.1 References: https://bugzilla.suse.com/1194507 From sle-updates at lists.suse.com Mon Mar 21 23:18:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:18:48 +0100 (CET) Subject: SUSE-SU-2022:0923-1: important: Test update for SUSE:SLE-15-SP4:Update (security) Message-ID: <20220321231848.EF0DBF46D@maintenance.suse.de> SUSE Security Update: Test update for SUSE:SLE-15-SP4:Update (security) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0923-1 Rating: important References: #1194507 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This is a security test update for SUSE:SLE-15-SP4:Update Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-923=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-test-security-5.1-150200.35.1 References: https://bugzilla.suse.com/1194507 From sle-updates at lists.suse.com Mon Mar 21 23:19:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:19:22 +0100 (CET) Subject: SUSE-RU-2022:0924-1: Test update for SUSE:SLE-15-SP4:Update (trivial) Message-ID: <20220321231922.0F5CDF46D@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-15-SP4:Update (trivial) ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0924-1 Rating: low References: #1194507 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a trivial test update for SUSE:SLE-15-SP4:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-924=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-test-trivial-5.1-150200.35.1 References: https://bugzilla.suse.com/1194507 From sle-updates at lists.suse.com Mon Mar 21 23:19:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:19:54 +0100 (CET) Subject: SUSE-RU-2022:0927-1: Test update for SUSE:SLE-15-SP4:Update (interactive) Message-ID: <20220321231954.37EA8F46D@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-15-SP4:Update (interactive) ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0927-1 Rating: low References: #1194507 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a interactive test update for SUSE:SLE-15-SP4:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-927=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-test-interactive-5.1-150200.35.1 References: https://bugzilla.suse.com/1194507 From sle-updates at lists.suse.com Mon Mar 21 23:20:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:20:55 +0100 (CET) Subject: SUSE-FU-2022:0925-1: Test update for SUSE:SLE-15-SP4:Update (feature) Message-ID: <20220321232055.E1927F46D@maintenance.suse.de> SUSE Feature Update: Test update for SUSE:SLE-15-SP4:Update (feature) ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0925-1 Rating: low References: #1194507 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one feature fix can now be installed. Description: This is a feature test update for SUSE:SLE-15-SP4:Update Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-925=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-test-feature-5.1-150200.35.1 References: https://bugzilla.suse.com/1194507 From sle-updates at lists.suse.com Mon Mar 21 23:22:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:22:28 +0100 (CET) Subject: SUSE-RU-2022:0919-1: Test update for SUSE:SLE-15-SP4:Update (relogin-suggested) Message-ID: <20220321232228.60DC3F46D@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-15-SP4:Update (relogin-suggested) ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0919-1 Rating: low References: #1194507 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a relogin-suggested test update for SUSE:SLE-15-SP4:Update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-919=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-test-relogin-suggested-5.1-150200.35.1 References: https://bugzilla.suse.com/1194507 From sle-updates at lists.suse.com Mon Mar 21 23:24:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:24:09 +0100 (CET) Subject: SUSE-SU-2022:0928-1: important: Security update for apache2 Message-ID: <20220321232409.9BF24F46D@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0928-1 Rating: important References: #1196249 #1197091 #1197095 #1197096 #1197098 #1197177 #1197301 Cross-References: CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVSS scores: CVE-2022-22719 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22719 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22720 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22720 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-22721 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22721 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-23943 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23943 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Also TLS 1.3 support and openssl 1.1.1 usage was disabled again as it caused regressions in various usage scenarios due to the combination between openssl 1.0.2 and 1.1.1 linkage without correct symbol versions by other libraries / tools. (bsc#1197301 bsc#1197177 bsc#1196249) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-928=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-928=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-35.13.1 apache2-debugsource-2.4.51-35.13.1 apache2-devel-2.4.51-35.13.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-35.13.1 apache2-debuginfo-2.4.51-35.13.1 apache2-debugsource-2.4.51-35.13.1 apache2-example-pages-2.4.51-35.13.1 apache2-prefork-2.4.51-35.13.1 apache2-prefork-debuginfo-2.4.51-35.13.1 apache2-utils-2.4.51-35.13.1 apache2-utils-debuginfo-2.4.51-35.13.1 apache2-worker-2.4.51-35.13.1 apache2-worker-debuginfo-2.4.51-35.13.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.51-35.13.1 References: https://www.suse.com/security/cve/CVE-2022-22719.html https://www.suse.com/security/cve/CVE-2022-22720.html https://www.suse.com/security/cve/CVE-2022-22721.html https://www.suse.com/security/cve/CVE-2022-23943.html https://bugzilla.suse.com/1196249 https://bugzilla.suse.com/1197091 https://bugzilla.suse.com/1197095 https://bugzilla.suse.com/1197096 https://bugzilla.suse.com/1197098 https://bugzilla.suse.com/1197177 https://bugzilla.suse.com/1197301 From sle-updates at lists.suse.com Mon Mar 21 23:26:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 00:26:53 +0100 (CET) Subject: SUSE-RU-2022:0926-1: Test update for SUSE:SLE-15-SP4:Update (reboot-needed) Message-ID: <20220321232653.5D722F46D@maintenance.suse.de> SUSE Recommended Update: Test update for SUSE:SLE-15-SP4:Update (reboot-needed) ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0926-1 Rating: low References: #1194507 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a reboot-needed test update for SUSE:SLE-15-SP4:Update Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-926=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): update-test-reboot-needed-5.1-150200.35.1 References: https://bugzilla.suse.com/1194507 From sle-updates at lists.suse.com Tue Mar 22 14:18:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Mar 2022 15:18:01 +0100 (CET) Subject: SUSE-SU-2022:0934-1: moderate: Security update for binutils Message-ID: <20220322141801.BE513F46D@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0934-1 Rating: moderate References: #1179898 #1179899 #1179900 #1179901 #1179902 #1179903 #1180451 #1180454 #1180461 #1181452 #1182252 #1183511 #1183909 #1184519 #1184620 #1184794 #1188941 #1191473 #1192267 PM-2767 SLE-18637 SLE-19618 SLE-21561 Cross-References: CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-20294 CVE-2021-3487 CVSS scores: CVE-2020-16590 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16590 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-16591 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16591 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16592 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16592 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16593 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16593 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16598 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16598 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16599 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-16599 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-35448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2020-35448 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2020-35493 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35493 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35496 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35507 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35507 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-20197 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-20197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-20284 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-20284 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-20294 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-20294 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3487 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3487 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that solves 14 vulnerabilities, contains four features and has 5 fixes is now available. Description: This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses "no symbols" diagnostic. Update to binutils 2.36: New features in the Assembler: - General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. - X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. - ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script= command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the "variable section" from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=