From sle-updates at lists.suse.com Mon May 2 16:16:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 May 2022 18:16:27 +0200 (CEST) Subject: SUSE-RU-2022:1482-1: moderate: Recommended update for mdadm Message-ID: <20220502161627.F0C86F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1482-1 Rating: moderate References: #1196054 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm fixes the following issues: - Fix a boot failure with multipath if the reading the VPD page attribute fails and skip RAID assembly if it is set. (bsc#1196054) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1482=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1482=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1482=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1482=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1482=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): mdadm-4.1-150300.24.12.1 mdadm-debuginfo-4.1-150300.24.12.1 mdadm-debugsource-4.1-150300.24.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): mdadm-4.1-150300.24.12.1 mdadm-debuginfo-4.1-150300.24.12.1 mdadm-debugsource-4.1-150300.24.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): mdadm-4.1-150300.24.12.1 mdadm-debuginfo-4.1-150300.24.12.1 mdadm-debugsource-4.1-150300.24.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): mdadm-4.1-150300.24.12.1 mdadm-debuginfo-4.1-150300.24.12.1 mdadm-debugsource-4.1-150300.24.12.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): mdadm-4.1-150300.24.12.1 mdadm-debuginfo-4.1-150300.24.12.1 mdadm-debugsource-4.1-150300.24.12.1 References: https://bugzilla.suse.com/1196054 From sle-updates at lists.suse.com Mon May 2 16:17:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 May 2022 18:17:01 +0200 (CEST) Subject: SUSE-RU-2022:1481-1: moderate: Recommended update for collectd Message-ID: <20220502161701.579EAF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for collectd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1481-1 Rating: moderate References: SLE-23472 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for collectd fixes the following issues: - Adding new plugin rpm 'collect-plugin-dpdk' including the following modules (jsc#SLE-23472): - dpdkevent - dpdk_telemetry Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1481=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1481=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1481=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): collectd-5.10.0-150200.3.3.1 collectd-debuginfo-5.10.0-150200.3.3.1 collectd-debugsource-5.10.0-150200.3.3.1 collectd-plugin-connectivity-5.10.0-150200.3.3.1 collectd-plugin-connectivity-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-dbi-5.10.0-150200.3.3.1 collectd-plugin-dbi-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-ipmi-5.10.0-150200.3.3.1 collectd-plugin-ipmi-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-java-5.10.0-150200.3.3.1 collectd-plugin-java-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-lua-5.10.0-150200.3.3.1 collectd-plugin-lua-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-mcelog-5.10.0-150200.3.3.1 collectd-plugin-mcelog-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-memcachec-5.10.0-150200.3.3.1 collectd-plugin-memcachec-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-mysql-5.10.0-150200.3.3.1 collectd-plugin-mysql-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-notify-desktop-5.10.0-150200.3.3.1 collectd-plugin-notify-desktop-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-nut-5.10.0-150200.3.3.1 collectd-plugin-nut-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-openldap-5.10.0-150200.3.3.1 collectd-plugin-openldap-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-ovs-5.10.0-150200.3.3.1 collectd-plugin-ovs-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-pcie-5.10.0-150200.3.3.1 collectd-plugin-pcie-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-pinba-5.10.0-150200.3.3.1 collectd-plugin-pinba-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-postgresql-5.10.0-150200.3.3.1 collectd-plugin-postgresql-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-procevent-5.10.0-150200.3.3.1 collectd-plugin-procevent-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-python3-5.10.0-150200.3.3.1 collectd-plugin-python3-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-smart-5.10.0-150200.3.3.1 collectd-plugin-smart-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-snmp-5.10.0-150200.3.3.1 collectd-plugin-snmp-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-synproxy-5.10.0-150200.3.3.1 collectd-plugin-synproxy-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-sysevent-5.10.0-150200.3.3.1 collectd-plugin-sysevent-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-uptime-5.10.0-150200.3.3.1 collectd-plugin-uptime-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-virt-5.10.0-150200.3.3.1 collectd-plugin-virt-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-write_stackdriver-5.10.0-150200.3.3.1 collectd-plugin-write_stackdriver-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-write_syslog-5.10.0-150200.3.3.1 collectd-plugin-write_syslog-debuginfo-5.10.0-150200.3.3.1 collectd-plugins-all-5.10.0-150200.3.3.1 collectd-spamassassin-5.10.0-150200.3.3.1 collectd-web-5.10.0-150200.3.3.1 collectd-web-js-5.10.0-150200.3.3.1 libcollectdclient-devel-5.10.0-150200.3.3.1 libcollectdclient1-5.10.0-150200.3.3.1 libcollectdclient1-debuginfo-5.10.0-150200.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): collectd-5.10.0-150200.3.3.1 collectd-debuginfo-5.10.0-150200.3.3.1 collectd-debugsource-5.10.0-150200.3.3.1 collectd-plugin-connectivity-5.10.0-150200.3.3.1 collectd-plugin-connectivity-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-dbi-5.10.0-150200.3.3.1 collectd-plugin-dbi-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-ipmi-5.10.0-150200.3.3.1 collectd-plugin-ipmi-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-java-5.10.0-150200.3.3.1 collectd-plugin-java-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-lua-5.10.0-150200.3.3.1 collectd-plugin-lua-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-mcelog-5.10.0-150200.3.3.1 collectd-plugin-mcelog-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-memcachec-5.10.0-150200.3.3.1 collectd-plugin-memcachec-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-mysql-5.10.0-150200.3.3.1 collectd-plugin-mysql-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-notify-desktop-5.10.0-150200.3.3.1 collectd-plugin-notify-desktop-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-nut-5.10.0-150200.3.3.1 collectd-plugin-nut-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-openldap-5.10.0-150200.3.3.1 collectd-plugin-openldap-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-ovs-5.10.0-150200.3.3.1 collectd-plugin-ovs-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-pcie-5.10.0-150200.3.3.1 collectd-plugin-pcie-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-pinba-5.10.0-150200.3.3.1 collectd-plugin-pinba-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-postgresql-5.10.0-150200.3.3.1 collectd-plugin-postgresql-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-procevent-5.10.0-150200.3.3.1 collectd-plugin-procevent-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-python3-5.10.0-150200.3.3.1 collectd-plugin-python3-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-smart-5.10.0-150200.3.3.1 collectd-plugin-smart-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-snmp-5.10.0-150200.3.3.1 collectd-plugin-snmp-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-synproxy-5.10.0-150200.3.3.1 collectd-plugin-synproxy-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-sysevent-5.10.0-150200.3.3.1 collectd-plugin-sysevent-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-uptime-5.10.0-150200.3.3.1 collectd-plugin-uptime-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-virt-5.10.0-150200.3.3.1 collectd-plugin-virt-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-write_stackdriver-5.10.0-150200.3.3.1 collectd-plugin-write_stackdriver-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-write_syslog-5.10.0-150200.3.3.1 collectd-plugin-write_syslog-debuginfo-5.10.0-150200.3.3.1 collectd-plugins-all-5.10.0-150200.3.3.1 collectd-spamassassin-5.10.0-150200.3.3.1 collectd-web-5.10.0-150200.3.3.1 collectd-web-js-5.10.0-150200.3.3.1 libcollectdclient-devel-5.10.0-150200.3.3.1 libcollectdclient1-5.10.0-150200.3.3.1 libcollectdclient1-debuginfo-5.10.0-150200.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): collectd-5.10.0-150200.3.3.1 collectd-debuginfo-5.10.0-150200.3.3.1 collectd-debugsource-5.10.0-150200.3.3.1 collectd-plugin-connectivity-5.10.0-150200.3.3.1 collectd-plugin-connectivity-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-dbi-5.10.0-150200.3.3.1 collectd-plugin-dbi-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-ipmi-5.10.0-150200.3.3.1 collectd-plugin-ipmi-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-java-5.10.0-150200.3.3.1 collectd-plugin-java-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-lua-5.10.0-150200.3.3.1 collectd-plugin-lua-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-mcelog-5.10.0-150200.3.3.1 collectd-plugin-mcelog-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-memcachec-5.10.0-150200.3.3.1 collectd-plugin-memcachec-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-mysql-5.10.0-150200.3.3.1 collectd-plugin-mysql-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-notify-desktop-5.10.0-150200.3.3.1 collectd-plugin-notify-desktop-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-nut-5.10.0-150200.3.3.1 collectd-plugin-nut-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-openldap-5.10.0-150200.3.3.1 collectd-plugin-openldap-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-ovs-5.10.0-150200.3.3.1 collectd-plugin-ovs-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-pcie-5.10.0-150200.3.3.1 collectd-plugin-pcie-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-pinba-5.10.0-150200.3.3.1 collectd-plugin-pinba-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-postgresql-5.10.0-150200.3.3.1 collectd-plugin-postgresql-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-procevent-5.10.0-150200.3.3.1 collectd-plugin-procevent-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-python3-5.10.0-150200.3.3.1 collectd-plugin-python3-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-smart-5.10.0-150200.3.3.1 collectd-plugin-smart-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-snmp-5.10.0-150200.3.3.1 collectd-plugin-snmp-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-synproxy-5.10.0-150200.3.3.1 collectd-plugin-synproxy-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-sysevent-5.10.0-150200.3.3.1 collectd-plugin-sysevent-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-uptime-5.10.0-150200.3.3.1 collectd-plugin-uptime-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-virt-5.10.0-150200.3.3.1 collectd-plugin-virt-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-write_stackdriver-5.10.0-150200.3.3.1 collectd-plugin-write_stackdriver-debuginfo-5.10.0-150200.3.3.1 collectd-plugin-write_syslog-5.10.0-150200.3.3.1 collectd-plugin-write_syslog-debuginfo-5.10.0-150200.3.3.1 collectd-plugins-all-5.10.0-150200.3.3.1 collectd-spamassassin-5.10.0-150200.3.3.1 collectd-web-5.10.0-150200.3.3.1 collectd-web-js-5.10.0-150200.3.3.1 libcollectdclient-devel-5.10.0-150200.3.3.1 libcollectdclient1-5.10.0-150200.3.3.1 libcollectdclient1-debuginfo-5.10.0-150200.3.3.1 References: From sle-updates at lists.suse.com Mon May 2 19:16:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 May 2022 21:16:05 +0200 (CEST) Subject: SUSE-SU-2022:1484-1: important: Security update for git Message-ID: <20220502191605.8FE88F790@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1484-1 Rating: important References: #1181400 #1198234 Cross-References: CVE-2022-24765 CVSS scores: CVE-2022-24765 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1484=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1484=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1484=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1484=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1484=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1484=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.12.1 git-arch-2.35.3-150300.10.12.1 git-core-2.35.3-150300.10.12.1 git-core-debuginfo-2.35.3-150300.10.12.1 git-credential-gnome-keyring-2.35.3-150300.10.12.1 git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.12.1 git-credential-libsecret-2.35.3-150300.10.12.1 git-credential-libsecret-debuginfo-2.35.3-150300.10.12.1 git-cvs-2.35.3-150300.10.12.1 git-daemon-2.35.3-150300.10.12.1 git-daemon-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 git-email-2.35.3-150300.10.12.1 git-gui-2.35.3-150300.10.12.1 git-p4-2.35.3-150300.10.12.1 git-svn-2.35.3-150300.10.12.1 git-web-2.35.3-150300.10.12.1 gitk-2.35.3-150300.10.12.1 perl-Git-2.35.3-150300.10.12.1 - openSUSE Leap 15.4 (noarch): git-doc-2.35.3-150300.10.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.12.1 git-arch-2.35.3-150300.10.12.1 git-core-2.35.3-150300.10.12.1 git-core-debuginfo-2.35.3-150300.10.12.1 git-credential-gnome-keyring-2.35.3-150300.10.12.1 git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.12.1 git-credential-libsecret-2.35.3-150300.10.12.1 git-credential-libsecret-debuginfo-2.35.3-150300.10.12.1 git-cvs-2.35.3-150300.10.12.1 git-daemon-2.35.3-150300.10.12.1 git-daemon-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 git-email-2.35.3-150300.10.12.1 git-gui-2.35.3-150300.10.12.1 git-p4-2.35.3-150300.10.12.1 git-svn-2.35.3-150300.10.12.1 git-web-2.35.3-150300.10.12.1 gitk-2.35.3-150300.10.12.1 perl-Git-2.35.3-150300.10.12.1 - openSUSE Leap 15.3 (noarch): git-doc-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.12.1 git-arch-2.35.3-150300.10.12.1 git-cvs-2.35.3-150300.10.12.1 git-daemon-2.35.3-150300.10.12.1 git-daemon-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 git-email-2.35.3-150300.10.12.1 git-gui-2.35.3-150300.10.12.1 git-svn-2.35.3-150300.10.12.1 git-web-2.35.3-150300.10.12.1 gitk-2.35.3-150300.10.12.1 perl-Git-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): git-doc-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.12.1 git-arch-2.35.3-150300.10.12.1 git-cvs-2.35.3-150300.10.12.1 git-daemon-2.35.3-150300.10.12.1 git-daemon-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 git-email-2.35.3-150300.10.12.1 git-gui-2.35.3-150300.10.12.1 git-svn-2.35.3-150300.10.12.1 git-web-2.35.3-150300.10.12.1 gitk-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): git-doc-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.12.1 git-core-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.12.1 git-core-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 perl-Git-2.35.3-150300.10.12.1 References: https://www.suse.com/security/cve/CVE-2022-24765.html https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1198234 From sle-updates at lists.suse.com Mon May 2 19:16:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 May 2022 21:16:46 +0200 (CEST) Subject: SUSE-SU-2022:1483-1: important: Security update for subversion Message-ID: <20220502191646.A33E0F790@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1483-1 Rating: important References: #1197939 #1197940 #1198503 Cross-References: CVE-2021-28544 CVE-2022-24070 CVSS scores: CVE-2021-28544 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-28544 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24070 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24070 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service (bsc#1197940). - CVE-2021-28544: Fixed an information leak issue where Subversion servers may reveal the original path of files protected by path-based authorization (bsc#1197939). The following non-security bugs were fixed: - Skip failing test on s390[x] (bsc#1198503). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1483=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.10.6-3.6.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.6-3.6.1 subversion-1.10.6-3.6.1 subversion-debuginfo-1.10.6-3.6.1 subversion-debugsource-1.10.6-3.6.1 subversion-devel-1.10.6-3.6.1 subversion-perl-1.10.6-3.6.1 subversion-perl-debuginfo-1.10.6-3.6.1 subversion-python-1.10.6-3.6.1 subversion-python-debuginfo-1.10.6-3.6.1 subversion-server-1.10.6-3.6.1 subversion-server-debuginfo-1.10.6-3.6.1 subversion-tools-1.10.6-3.6.1 subversion-tools-debuginfo-1.10.6-3.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): subversion-bash-completion-1.10.6-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-28544.html https://www.suse.com/security/cve/CVE-2022-24070.html https://bugzilla.suse.com/1197939 https://bugzilla.suse.com/1197940 https://bugzilla.suse.com/1198503 From sle-updates at lists.suse.com Mon May 2 19:17:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 May 2022 21:17:32 +0200 (CEST) Subject: SUSE-SU-2022:1485-1: moderate: Security update for python39 Message-ID: <20220502191732.CEF8BF790@maintenance.suse.de> SUSE Security Update: Security update for python39 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1485-1 Rating: moderate References: #1186819 #1189241 #1189287 #1189356 #1193179 SLE-23849 Cross-References: CVE-2021-3572 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3572 (NVD) : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N CVE-2021-3733 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3733 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3737 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3737 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities, contains one feature and has two fixes is now available. Description: This update for python39 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). - Update to 3.9.10 (jsc#SLE-23849) - Remove shebangs from from python-base libraries in _libdir. (bsc#1193179) - Update to 3.9.9: * Core and Builtins + bpo-30570: Fixed a crash in issubclass() from infinite recursion when searching pathological __bases__ tuples. + bpo-45494: Fix parser crash when reporting errors involving invalid continuation characters. Patch by Pablo Galindo. + bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na. + bpo-45167: Fix deepcopying of types.GenericAlias objects. + bpo-44219: Release the GIL while performing isatty system calls on arbitrary file descriptors. In particular, this affects os.isatty(), os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode is also affected. This change solves a deadlock in os.isatty(). Patch by Vincent Michel in bpo-44219. + bpo-44959: Added fallback to extension modules with '.sl' suffix on HP-UX + bpo-44050: Extensions that indicate they use global state (by setting m_size to -1) can again be used in multiple interpreters. This reverts to behavior of Python 3.8. + bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when it's called directly or via super(). Patch provided by Yurii Karabas. + bpo-45083: When the interpreter renders an exception, its name now has a complete qualname. Previously only the class name was concatenated to the module name, which sometimes resulted in an incorrect full name being displayed. + bpo-45738: Fix computation of error location for invalid continuation characters in the parser. Patch by Pablo Galindo. + Library + bpo-45678: Fix bug in Python 3.9 that meant functools.singledispatchmethod failed to properly wrap the attributes of the target method. Patch by Alex Waygood. + bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] is no longer equal to Literal[1, 2]. + bpo-45438: Fix typing.Signature string representation for generic builtin types. + bpo-45581: sqlite3.connect() now correctly raises MemoryError if the underlying SQLite API signals memory error. Patch by Erlend E. Aasland. + bpo-39679: Fix bug in functools.singledispatchmethod that caused it to fail when attempting to register a classmethod() or staticmethod() using type annotations. Patch contributed by Alex Waygood. + bpo-45515: Add references to zoneinfo in the datetime documentation, mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle. + bpo-45467: Fix incremental decoder and stream reader in the "raw-unicode-escape" codec. Previously they failed if the escape sequence was split. + bpo-45461: Fix incremental decoder and stream reader in the "unicode-escape" codec. Previously they failed if the escape sequence was split. + bpo-45239: Fixed email.utils.parsedate_tz() crashing with UnboundLocalError on certain invalid input instead of returning None. Patch by Ben Hoyt. + bpo-44904: Fix bug in the doctest module that caused it to fail if a docstring included an example with a classmethod property. Patch by Alex Waygood. + bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by :'func:inspect.getabsfile, and return None to indicate that the module could not be determined. + bpo-45262: Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop + bpo-45386: Make xmlrpc.client more robust to C runtimes where the underlying C strftime function results in a ValueError when testing for year formatting options. + bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now uses correct clang option to add a runtime library directory (rpath) to a shared library. + bpo-20028: Improve error message of csv.Dialect when initializing. Patch by Vajrasky Kok and Dong-hee Na. + bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0 + bpo-41710: On Unix, if the sem_clockwait() function is available in the C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using the system clock (time.CLOCK_REALTIME), to not be affected by system clock changes. Patch by Victor Stinner. + bpo-45328: Fixed http.client.HTTPConnection to work properly in OSs that don't support the TCP_NODELAY socket option. + bpo-1596321: Fix the threading._shutdown() function when the threading module was imported first from a thread different than the main thread: no longer log an error at Python exit. + bpo-45274: Fix a race condition in the Thread.join() method of the threading module. If the function is interrupted by a signal and the signal handler raises an exception, make sure that the thread remains in a consistent state to prevent a deadlock. Patch by Victor Stinner. + bpo-45238: Fix unittest.IsolatedAsyncioTestCase.debug(): it runs now asynchronous methods and callbacks. + bpo-36674: unittest.TestCase.debug() raises now a unittest.SkipTest if the class or the test method are decorated with the skipping decorator. + bpo-45235: Fix an issue where argparse would not preserve values in a provided namespace when using a subparser with defaults. + bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError + bpo-45228: Fix stack buffer overflow in parsing J1939 network address. + bpo-45192: Fix the tempfile._infer_return_type function so that the dir argument of the tempfile functions accepts an object implementing the os.PathLike protocol. + bpo-45160: When tracing a tkinter variable used by a ttk OptionMenu, callbacks are no longer made twice. + bpo-35474: Calling mimetypes.guess_all_extensions() with strict=False no longer affects the result of the following call with strict=True. Also, mutating the returned list no longer affects the global state. + bpo-45166: typing.get_type_hints() now works with Final wrapped in ForwardRef. + bpo-45097: Remove deprecation warnings about the loop argument in asyncio incorrectly emitted in cases when the user does not pass the loop argument. + bpo-45081: Fix issue when dataclasses that inherit from typing.Protocol subclasses have wrong __init__. Patch provided by Yurii Karabas. + bpo-24444: Fixed an error raised in argparse help display when help for an option is set to 1+ blank spaces or when choices arg is an empty container. + bpo-45021: Fix a potential deadlock at shutdown of forked children when using concurrent.futures module + bpo-45030: Fix integer overflow in pickling and copying the range iterator. + bpo-39039: tarfile.open raises ReadError when a zlib error occurs during file extraction. + bpo-44594: Fix an edge case of ExitStack and AsyncExitStack exception chaining. They will now match with block behavior when __context__ is explicitly set to None when the exception is in flight. * Documentation + bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod. + bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood. + bpo-45655: Add a new "relevant PEPs" section to the top of the documentation for the typing module. Patch by Alex Waygood. + bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs. + bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility. + bpo-45449: Add note about PEP 585 in collections.abc. + bpo-45516: Add protocol description to the importlib.abc.Traversable documentation. + bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal. + bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places. + bpo-45772: socket.socket documentation is corrected to a class from a function. + bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor. * Tests + bpo-45578: Add tests for dis.distb() + bpo-45577: Add subtests for all pickle protocols in test_zoneinfo. + bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS. + bpo-40173: Fix test.support.import_helper.import_fresh_module(). + bpo-45280: Add a test case for empty typing.NamedTuple. + bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder. + bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_pr ocess_termination + bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don't expect it in the output. Patch by Victor Stinner. + bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec(). + bpo-45042: Fixes that test classes decorated with @hashlib_helper.requires_hashdigest were skipped all the time. + bpo-45235: Reverted an argparse bugfix that caused regression in the handling of default arguments for subparsers. This prevented leaf level arguments from taking precedence over root level arguments. + bpo-45765: In importlib.metadata, fix distribution discovery for an empty path. + bpo-45644: In-place JSON file formatting using python3 -m json.tool infile infile now works correctly, previously it left the file empty. Patch by Chris Wesseling. * Build + bpo-43158: setup.py now uses values from configure script to build the _uuid extension module. Configure now detects util-linux's libuuid, too. + bpo-45571: Modules/Setup now use PY_CFLAGS_NODIST instead of PY_CFLAGS to compile shared modules. + bpo-45532: Update sys.version to use main as fallback information. Patch by Jeong YunWon. + bpo-45405: Prevent internal configure error when running configure with recent versions of non-Apple clang. Patch by David Bohman. + bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building. * C API + bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered. + bpo-44751: Remove crypt.h include from the public Python.h header. - rpm-build-python dependency is available on the current Factory, not with SLE. - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. - Update to 3.9.7: - Security - Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files. - Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - Core and Builtins - Fixed pickling of range iterators that iterated for over 2**32 times. - Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run - Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way. - Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo. - Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex. - Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo - Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END). - Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo. - Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain. - Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo. - Fix undefined behaviour in complex object exponentiation. - Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias. - Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo. - Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo - Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner. - Fix crash when using passing a non-exception to a generator's throw() method. Patch by Noah Oxer - Library - run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator. - Fix bugs in cleaning up classes and modules in unittest: - Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module. - Functions registered with addClassCleanup() were not called if tearDownClass is set to None. - Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup(). - Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes. - Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order. - And several lesser bugs. - Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. - Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner. - Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator. - argparse.BooleanOptionalAction's default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter. - Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0 - Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner. - The @functools.total_ordering() decorator now works with metaclasses. - sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland. - Always show loop= arg deprecations in asyncio.gather() and asyncio.sleep() - Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes. - The tokenize.tokenize() doesn't incorrectly generate a NEWLINE token if the source doesn't end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo - Fix http.client.HTTPSConnection fails to download >2GiB data. - rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method. - weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing. - The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__(). - Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan H??lzl. - Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong. - Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple. - Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected. - handle StopIteration subclass raised from @contextlib.contextmanager generator - Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na. - Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules. - Fix bug with pdb's handling of import error due to a package which does not have a __main__ module - Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage. - pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons. - Handle exceptions from parsing the arg of pdb's run/restart command. - The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland. - Improved string handling for sqlite3 user-defined functions and aggregates: - It is now possible to pass strings with embedded null characters to UDFs - Conversion failures now correctly raise MemoryError - Patch by Erlend E. Aasland. - Handle RecursionError in TracebackException's constructor, so that long exceptions chains are truncated instead of causing traceback formatting to fail. - Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding. - The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested. - Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038. - Fix test___all__ on platforms lacking a shared memory implementation. - Pass multiprocessing BaseProxy argument manager_owned through AutoProxy. - email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz. - lib2to3 now recognizes async generators everywhere. - Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile. - Documentation - Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place I've added links to the Python Wiki page on GUI frameworks. - Update the definition of __future__ in the glossary by replacing the confusing word "pseudo-module" with a more accurate description. - Add typical examples to os.path.splitext docs - Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory. - Update of three expired hyperlinks in Doc/distributing/index.rst: "Project structure", "Building and packaging the project", and "Uploading the project to the Python Packaging Index". - Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg. - Match the docstring and python implementation of countOf() to the behavior of its c implementation. - List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation. - Clarify that atexit uses equality comparisons internally. - Documentation of csv.Dialect is more descriptive. - Fix documentation for the return type of sysconfig.get_path(). - Add a "Security Considerations" index which links to standard library modules that have explicitly documented security considerations. - Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c, - Tests - Add calls of gc.collect() in tests to support PyPy. - Made tests relying on the _asyncio C extension module optional to allow running on alternative Python implementations. Patch by Serhiy Storchaka. - Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don't expect it in the output. - Add ability to wholesale silence DeprecationWarnings while running the regression test suite. - Notify users running test_decimal regression tests on macOS of potential harmless "malloc can't allocate region" messages spewed by test_decimal. - Fixed floating point precision issue in turtle tests. - Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file. - Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy - Add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling - bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1485=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1485=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1485=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1485=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.10-150300.4.8.1 libpython3_9-1_0-debuginfo-3.9.10-150300.4.8.1 python39-3.9.10-150300.4.8.2 python39-base-3.9.10-150300.4.8.1 python39-base-debuginfo-3.9.10-150300.4.8.1 python39-core-debugsource-3.9.10-150300.4.8.1 python39-curses-3.9.10-150300.4.8.2 python39-curses-debuginfo-3.9.10-150300.4.8.2 python39-dbm-3.9.10-150300.4.8.2 python39-dbm-debuginfo-3.9.10-150300.4.8.2 python39-debuginfo-3.9.10-150300.4.8.2 python39-debugsource-3.9.10-150300.4.8.2 python39-devel-3.9.10-150300.4.8.1 python39-doc-3.9.10-150300.4.8.1 python39-doc-devhelp-3.9.10-150300.4.8.1 python39-idle-3.9.10-150300.4.8.2 python39-testsuite-3.9.10-150300.4.8.1 python39-testsuite-debuginfo-3.9.10-150300.4.8.1 python39-tk-3.9.10-150300.4.8.2 python39-tk-debuginfo-3.9.10-150300.4.8.2 python39-tools-3.9.10-150300.4.8.1 - openSUSE Leap 15.4 (x86_64): libpython3_9-1_0-32bit-3.9.10-150300.4.8.1 libpython3_9-1_0-32bit-debuginfo-3.9.10-150300.4.8.1 python39-32bit-3.9.10-150300.4.8.2 python39-32bit-debuginfo-3.9.10-150300.4.8.2 python39-base-32bit-3.9.10-150300.4.8.1 python39-base-32bit-debuginfo-3.9.10-150300.4.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.10-150300.4.8.1 libpython3_9-1_0-debuginfo-3.9.10-150300.4.8.1 python39-3.9.10-150300.4.8.2 python39-base-3.9.10-150300.4.8.1 python39-base-debuginfo-3.9.10-150300.4.8.1 python39-core-debugsource-3.9.10-150300.4.8.1 python39-curses-3.9.10-150300.4.8.2 python39-curses-debuginfo-3.9.10-150300.4.8.2 python39-dbm-3.9.10-150300.4.8.2 python39-dbm-debuginfo-3.9.10-150300.4.8.2 python39-debuginfo-3.9.10-150300.4.8.2 python39-debugsource-3.9.10-150300.4.8.2 python39-devel-3.9.10-150300.4.8.1 python39-doc-3.9.10-150300.4.8.1 python39-doc-devhelp-3.9.10-150300.4.8.1 python39-idle-3.9.10-150300.4.8.2 python39-testsuite-3.9.10-150300.4.8.1 python39-testsuite-debuginfo-3.9.10-150300.4.8.1 python39-tk-3.9.10-150300.4.8.2 python39-tk-debuginfo-3.9.10-150300.4.8.2 python39-tools-3.9.10-150300.4.8.1 - openSUSE Leap 15.3 (x86_64): libpython3_9-1_0-32bit-3.9.10-150300.4.8.1 libpython3_9-1_0-32bit-debuginfo-3.9.10-150300.4.8.1 python39-32bit-3.9.10-150300.4.8.2 python39-32bit-debuginfo-3.9.10-150300.4.8.2 python39-base-32bit-3.9.10-150300.4.8.1 python39-base-32bit-debuginfo-3.9.10-150300.4.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python39-core-debugsource-3.9.10-150300.4.8.1 python39-tools-3.9.10-150300.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.10-150300.4.8.1 libpython3_9-1_0-debuginfo-3.9.10-150300.4.8.1 python39-3.9.10-150300.4.8.2 python39-base-3.9.10-150300.4.8.1 python39-base-debuginfo-3.9.10-150300.4.8.1 python39-core-debugsource-3.9.10-150300.4.8.1 python39-curses-3.9.10-150300.4.8.2 python39-curses-debuginfo-3.9.10-150300.4.8.2 python39-dbm-3.9.10-150300.4.8.2 python39-dbm-debuginfo-3.9.10-150300.4.8.2 python39-debuginfo-3.9.10-150300.4.8.2 python39-debugsource-3.9.10-150300.4.8.2 python39-devel-3.9.10-150300.4.8.1 python39-idle-3.9.10-150300.4.8.2 python39-tk-3.9.10-150300.4.8.2 python39-tk-debuginfo-3.9.10-150300.4.8.2 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://www.suse.com/security/cve/CVE-2021-3733.html https://www.suse.com/security/cve/CVE-2021-3737.html https://bugzilla.suse.com/1186819 https://bugzilla.suse.com/1189241 https://bugzilla.suse.com/1189287 https://bugzilla.suse.com/1189356 https://bugzilla.suse.com/1193179 From sle-updates at lists.suse.com Tue May 3 07:15:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 09:15:37 +0200 (CEST) Subject: SUSE-CU-2022:845-1: Security update of bci/nodejs Message-ID: <20220503071537.E49C9F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:845-1 Container Tags : bci/node:12 , bci/node:12-16.2 , bci/nodejs:12 , bci/nodejs:12-16.2 Container Release : 16.2 Severity : important Type : security References : 1181400 1198234 CVE-2022-24765 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). The following package changes have been done: - git-core-2.35.3-150300.10.12.1 updated From sle-updates at lists.suse.com Tue May 3 07:19:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 09:19:04 +0200 (CEST) Subject: SUSE-CU-2022:846-1: Security update of bci/nodejs Message-ID: <20220503071904.8967BFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:846-1 Container Tags : bci/node:14 , bci/node:14-19.2 , bci/nodejs:14 , bci/nodejs:14-19.2 Container Release : 19.2 Severity : important Type : security References : 1181400 1198234 CVE-2022-24765 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). The following package changes have been done: - git-core-2.35.3-150300.10.12.1 updated From sle-updates at lists.suse.com Tue May 3 07:21:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 09:21:37 +0200 (CEST) Subject: SUSE-CU-2022:847-1: Security update of bci/nodejs Message-ID: <20220503072137.305DEF7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:847-1 Container Tags : bci/node:16 , bci/node:16-7.2 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-7.2 , bci/nodejs:latest Container Release : 7.2 Severity : important Type : security References : 1181400 1198234 CVE-2022-24765 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). The following package changes have been done: - git-core-2.35.3-150300.10.12.1 updated From sle-updates at lists.suse.com Tue May 3 07:27:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 09:27:42 +0200 (CEST) Subject: SUSE-CU-2022:848-1: Security update of bci/openjdk-devel Message-ID: <20220503072742.06540F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:848-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-17.3 , bci/openjdk-devel:latest Container Release : 17.3 Severity : important Type : security References : 1181400 1198234 CVE-2022-24765 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). The following package changes have been done: - git-core-2.35.3-150300.10.12.1 updated - container:openjdk-11-image-15.3.0-17.1 updated From sle-updates at lists.suse.com Tue May 3 07:35:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 09:35:30 +0200 (CEST) Subject: SUSE-CU-2022:850-1: Security update of bci/ruby Message-ID: <20220503073530.41289F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:850-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-17.4 , bci/ruby:latest Container Release : 17.4 Severity : important Type : security References : 1181400 1198234 CVE-2022-24765 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). The following package changes have been done: - git-core-2.35.3-150300.10.12.1 updated From sle-updates at lists.suse.com Tue May 3 07:36:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 09:36:02 +0200 (CEST) Subject: SUSE-CU-2022:851-1: Recommended update of bci/bci-micro Message-ID: <20220503073602.3D66AF7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:851-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.9.3 Container Release : 9.3 Severity : moderate Type : recommended References : 1195628 1196107 1196275 1196406 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - bash-sh-4.4-150400.25.17 updated - bash-4.4-150400.25.17 updated - coreutils-8.32-150400.7.3 updated - filesystem-15.0-11.8.1 updated - libcap2-2.63-150400.1.5 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libreadline7-7.0-150400.25.17 updated - libselinux1-3.1-150400.1.62 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - sles-release-15.4-150400.52.3 updated From sle-updates at lists.suse.com Tue May 3 07:36:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 09:36:17 +0200 (CEST) Subject: SUSE-CU-2022:852-1: Security update of bci/bci-minimal Message-ID: <20220503073617.B95A0F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:852-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.10.7 Container Release : 10.7 Severity : important Type : security References : 1179416 1180125 1181805 1183543 1183545 1183659 1185299 1187670 1188548 1190824 1193489 1193711 1194968 1195628 1196107 1196275 1196406 1197459 1198062 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVE-2022-1271 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - bash-sh-4.4-150400.25.17 updated - bash-4.4-150400.25.17 updated - coreutils-8.32-150400.7.3 updated - filesystem-15.0-11.8.1 updated - libbz2-1-1.0.8-150400.1.114 updated - libcap2-2.63-150400.1.5 updated - libdw1-0.185-150400.3.29 updated - libelf1-0.185-150400.3.29 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libgcrypt20-1.9.4-150400.4.4 updated - libgpg-error0-1.42-150400.1.99 updated - liblzma5-5.2.3-150000.4.7.1 updated - libreadline7-7.0-150400.25.17 updated - libselinux1-3.1-150400.1.62 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libz1-1.2.11-150000.3.30.1 updated - libzstd1-1.5.0-150400.1.65 updated - perl-base-5.26.1-150300.17.3.1 updated - rpm-config-SUSE-1-150400.12.34 updated - rpm-ndb-4.14.3-150300.46.1 updated - sles-release-15.4-150400.52.3 updated - container:micro-image-15.4.0-9.3 updated From sle-updates at lists.suse.com Tue May 3 10:17:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:17:13 +0200 (CEST) Subject: SUSE-SU-2022:1486-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) Message-ID: <20220503101713.58135FDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1486-1 Rating: important References: #1197211 #1197335 #1197344 Cross-References: CVE-2021-39713 CVE-2022-1011 CVE-2022-1016 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1486=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_93-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://bugzilla.suse.com/1197211 https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Tue May 3 10:18:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:18:00 +0200 (CEST) Subject: SUSE-RU-2022:1488-1: important: Recommended update for sssd Message-ID: <20220503101800.8A681FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1488-1 Rating: important References: #1196564 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Fix a crash caused by a read-after-free condition (bsc#1196564) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1488=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1488=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1488=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1488=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1488=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1488=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1488=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1488=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1488=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1488=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 sssd-winbind-idmap-1.16.1-150000.8.67.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 sssd-winbind-idmap-1.16.1-150000.8.67.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 sssd-winbind-idmap-1.16.1-150000.8.67.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 sssd-winbind-idmap-1.16.1-150000.8.67.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 sssd-winbind-idmap-1.16.1-150000.8.67.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 sssd-winbind-idmap-1.16.1-150000.8.67.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.67.1 - SUSE Enterprise Storage 6 (x86_64): sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 - SUSE CaaS Platform 4.0 (x86_64): libipa_hbac-devel-1.16.1-150000.8.67.1 libipa_hbac0-1.16.1-150000.8.67.1 libipa_hbac0-debuginfo-1.16.1-150000.8.67.1 libsss_certmap-devel-1.16.1-150000.8.67.1 libsss_certmap0-1.16.1-150000.8.67.1 libsss_certmap0-debuginfo-1.16.1-150000.8.67.1 libsss_idmap-devel-1.16.1-150000.8.67.1 libsss_idmap0-1.16.1-150000.8.67.1 libsss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_nss_idmap-devel-1.16.1-150000.8.67.1 libsss_nss_idmap0-1.16.1-150000.8.67.1 libsss_nss_idmap0-debuginfo-1.16.1-150000.8.67.1 libsss_simpleifp-devel-1.16.1-150000.8.67.1 libsss_simpleifp0-1.16.1-150000.8.67.1 libsss_simpleifp0-debuginfo-1.16.1-150000.8.67.1 python3-sssd-config-1.16.1-150000.8.67.1 python3-sssd-config-debuginfo-1.16.1-150000.8.67.1 sssd-1.16.1-150000.8.67.1 sssd-32bit-1.16.1-150000.8.67.1 sssd-32bit-debuginfo-1.16.1-150000.8.67.1 sssd-ad-1.16.1-150000.8.67.1 sssd-ad-debuginfo-1.16.1-150000.8.67.1 sssd-dbus-1.16.1-150000.8.67.1 sssd-dbus-debuginfo-1.16.1-150000.8.67.1 sssd-debuginfo-1.16.1-150000.8.67.1 sssd-debugsource-1.16.1-150000.8.67.1 sssd-ipa-1.16.1-150000.8.67.1 sssd-ipa-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-1.16.1-150000.8.67.1 sssd-krb5-common-1.16.1-150000.8.67.1 sssd-krb5-common-debuginfo-1.16.1-150000.8.67.1 sssd-krb5-debuginfo-1.16.1-150000.8.67.1 sssd-ldap-1.16.1-150000.8.67.1 sssd-ldap-debuginfo-1.16.1-150000.8.67.1 sssd-proxy-1.16.1-150000.8.67.1 sssd-proxy-debuginfo-1.16.1-150000.8.67.1 sssd-tools-1.16.1-150000.8.67.1 sssd-tools-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-1.16.1-150000.8.67.1 sssd-wbclient-debuginfo-1.16.1-150000.8.67.1 sssd-wbclient-devel-1.16.1-150000.8.67.1 sssd-winbind-idmap-1.16.1-150000.8.67.1 sssd-winbind-idmap-debuginfo-1.16.1-150000.8.67.1 References: https://bugzilla.suse.com/1196564 From sle-updates at lists.suse.com Tue May 3 10:18:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:18:43 +0200 (CEST) Subject: SUSE-RU-2022:1489-1: important: Recommended update for yast2-storage-ng Message-ID: <20220503101843.428E4FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1489-1 Rating: important References: #1197692 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage-ng fixes the following issues: - Fix fstab entry filesystem matching allowing the use of quotes surrounding the device UUID or label (bsc#1197692) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1489=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1489=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1489=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1489=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1489=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1489=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1489=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-1489=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1489=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1489=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1489=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Manager Proxy 4.1 (x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): yast2-storage-ng-4.2.122-150200.3.30.1 References: https://bugzilla.suse.com/1197692 From sle-updates at lists.suse.com Tue May 3 10:19:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:19:23 +0200 (CEST) Subject: SUSE-OU-2022:1494-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220503101923.0F621FDFC@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1494-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: hp-drive-guard, upower Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1494=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1494=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1494=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1494=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1494=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1494=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1494=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1494=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): hp-drive-guard-0.3.12-150000.4.2.1 hp-drive-guard-debuginfo-0.3.12-150000.4.2.1 hp-drive-guard-debugsource-0.3.12-150000.4.2.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): hp-drive-guard-0.3.12-150000.4.2.1 hp-drive-guard-debuginfo-0.3.12-150000.4.2.1 hp-drive-guard-debugsource-0.3.12-150000.4.2.1 libupower-glib-devel-0.99.11-150200.4.2.1 libupower-glib3-0.99.11-150200.4.2.1 libupower-glib3-debuginfo-0.99.11-150200.4.2.1 typelib-1_0-UpowerGlib-1_0-0.99.11-150200.4.2.1 upower-0.99.11-150200.4.2.1 upower-debuginfo-0.99.11-150200.4.2.1 upower-debugsource-0.99.11-150200.4.2.1 - openSUSE Leap 15.3 (noarch): upower-lang-0.99.11-150200.4.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): hp-drive-guard-0.3.12-150000.4.2.1 hp-drive-guard-debuginfo-0.3.12-150000.4.2.1 hp-drive-guard-debugsource-0.3.12-150000.4.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): hp-drive-guard-0.3.12-150000.4.2.1 hp-drive-guard-debuginfo-0.3.12-150000.4.2.1 hp-drive-guard-debugsource-0.3.12-150000.4.2.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): upower-lang-0.99.11-150200.4.2.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libupower-glib-devel-0.99.11-150200.4.2.1 libupower-glib3-0.99.11-150200.4.2.1 libupower-glib3-debuginfo-0.99.11-150200.4.2.1 typelib-1_0-UpowerGlib-1_0-0.99.11-150200.4.2.1 upower-0.99.11-150200.4.2.1 upower-debuginfo-0.99.11-150200.4.2.1 upower-debugsource-0.99.11-150200.4.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): hp-drive-guard-0.3.12-150000.4.2.1 hp-drive-guard-debuginfo-0.3.12-150000.4.2.1 hp-drive-guard-debugsource-0.3.12-150000.4.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): hp-drive-guard-0.3.12-150000.4.2.1 hp-drive-guard-debuginfo-0.3.12-150000.4.2.1 hp-drive-guard-debugsource-0.3.12-150000.4.2.1 libupower-glib3-0.99.11-150200.4.2.1 libupower-glib3-debuginfo-0.99.11-150200.4.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libupower-glib-devel-0.99.11-150200.4.2.1 libupower-glib3-0.99.11-150200.4.2.1 libupower-glib3-debuginfo-0.99.11-150200.4.2.1 typelib-1_0-UpowerGlib-1_0-0.99.11-150200.4.2.1 upower-0.99.11-150200.4.2.1 upower-debuginfo-0.99.11-150200.4.2.1 upower-debugsource-0.99.11-150200.4.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): upower-lang-0.99.11-150200.4.2.1 References: From sle-updates at lists.suse.com Tue May 3 10:19:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:19:56 +0200 (CEST) Subject: SUSE-OU-2022:1492-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220503101956.E12A4FDFC@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1492-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libdvdread Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1492=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1492=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1492=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1492=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1492=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1492=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libdvdread-debugsource-6.0.0-150000.3.2.1 libdvdread-devel-6.0.0-150000.3.2.1 libdvdread4-6.0.0-150000.3.2.1 libdvdread4-debuginfo-6.0.0-150000.3.2.1 - openSUSE Leap 15.4 (x86_64): libdvdread4-32bit-6.0.0-150000.3.2.1 libdvdread4-32bit-debuginfo-6.0.0-150000.3.2.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libdvdread-debugsource-6.0.0-150000.3.2.1 libdvdread-devel-6.0.0-150000.3.2.1 libdvdread4-6.0.0-150000.3.2.1 libdvdread4-debuginfo-6.0.0-150000.3.2.1 - openSUSE Leap 15.3 (x86_64): libdvdread4-32bit-6.0.0-150000.3.2.1 libdvdread4-32bit-debuginfo-6.0.0-150000.3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libdvdread-debugsource-6.0.0-150000.3.2.1 libdvdread-devel-6.0.0-150000.3.2.1 libdvdread4-6.0.0-150000.3.2.1 libdvdread4-debuginfo-6.0.0-150000.3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libdvdread-debugsource-6.0.0-150000.3.2.1 libdvdread-devel-6.0.0-150000.3.2.1 libdvdread4-6.0.0-150000.3.2.1 libdvdread4-debuginfo-6.0.0-150000.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): libdvdread-debugsource-6.0.0-150000.3.2.1 libdvdread-devel-6.0.0-150000.3.2.1 libdvdread4-6.0.0-150000.3.2.1 libdvdread4-debuginfo-6.0.0-150000.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): libdvdread-debugsource-6.0.0-150000.3.2.1 libdvdread-devel-6.0.0-150000.3.2.1 libdvdread4-6.0.0-150000.3.2.1 libdvdread4-debuginfo-6.0.0-150000.3.2.1 References: From sle-updates at lists.suse.com Tue May 3 10:20:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:20:31 +0200 (CEST) Subject: SUSE-RU-2022:1491-1: moderate: Recommended update for psmisc Message-ID: <20220503102031.502ADFDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for psmisc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1491-1 Rating: moderate References: #1194172 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for psmisc fixes the following issues: - Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1491=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1491=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1491=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1491=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1491=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1491=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1491=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1491=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): psmisc-23.0-150000.6.22.1 psmisc-debuginfo-23.0-150000.6.22.1 psmisc-debugsource-23.0-150000.6.22.1 - openSUSE Leap 15.4 (noarch): psmisc-lang-23.0-150000.6.22.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): psmisc-23.0-150000.6.22.1 psmisc-debuginfo-23.0-150000.6.22.1 psmisc-debugsource-23.0-150000.6.22.1 - openSUSE Leap 15.3 (noarch): psmisc-lang-23.0-150000.6.22.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): psmisc-23.0-150000.6.22.1 psmisc-debuginfo-23.0-150000.6.22.1 psmisc-debugsource-23.0-150000.6.22.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): psmisc-lang-23.0-150000.6.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): psmisc-23.0-150000.6.22.1 psmisc-debuginfo-23.0-150000.6.22.1 psmisc-debugsource-23.0-150000.6.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): psmisc-lang-23.0-150000.6.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): psmisc-23.0-150000.6.22.1 psmisc-debuginfo-23.0-150000.6.22.1 psmisc-debugsource-23.0-150000.6.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): psmisc-lang-23.0-150000.6.22.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): psmisc-23.0-150000.6.22.1 psmisc-debuginfo-23.0-150000.6.22.1 psmisc-debugsource-23.0-150000.6.22.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): psmisc-23.0-150000.6.22.1 psmisc-debuginfo-23.0-150000.6.22.1 psmisc-debugsource-23.0-150000.6.22.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): psmisc-23.0-150000.6.22.1 psmisc-debuginfo-23.0-150000.6.22.1 psmisc-debugsource-23.0-150000.6.22.1 References: https://bugzilla.suse.com/1194172 From sle-updates at lists.suse.com Tue May 3 10:21:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:21:13 +0200 (CEST) Subject: SUSE-RU-2022:1495-1: important: Recommended update for sssd Message-ID: <20220503102113.6EFB7FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1495-1 Rating: important References: #1190775 #1196564 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sssd fixes the following issues: - Fix a crash caused by a read-after-free condition (bsc#1196564) - Add 'ldap_ignore_unreadable_references' parameter to control and skip unreadable entries referenced by 'member' attribute (bsc#1190775) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1495=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1495=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1495=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1495=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1495=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1495=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1495=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1495=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1495=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1495=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Manager Server 4.1 (x86_64): sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Manager Proxy 4.1 (x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libipa_hbac-devel-1.16.1-150200.17.20.2 libipa_hbac0-1.16.1-150200.17.20.2 libipa_hbac0-debuginfo-1.16.1-150200.17.20.2 libsss_certmap-devel-1.16.1-150200.17.20.2 libsss_certmap0-1.16.1-150200.17.20.2 libsss_certmap0-debuginfo-1.16.1-150200.17.20.2 libsss_idmap-devel-1.16.1-150200.17.20.2 libsss_idmap0-1.16.1-150200.17.20.2 libsss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_nss_idmap-devel-1.16.1-150200.17.20.2 libsss_nss_idmap0-1.16.1-150200.17.20.2 libsss_nss_idmap0-debuginfo-1.16.1-150200.17.20.2 libsss_simpleifp-devel-1.16.1-150200.17.20.2 libsss_simpleifp0-1.16.1-150200.17.20.2 libsss_simpleifp0-debuginfo-1.16.1-150200.17.20.2 python3-sssd-config-1.16.1-150200.17.20.2 python3-sssd-config-debuginfo-1.16.1-150200.17.20.2 sssd-1.16.1-150200.17.20.2 sssd-ad-1.16.1-150200.17.20.2 sssd-ad-debuginfo-1.16.1-150200.17.20.2 sssd-common-1.16.1-150200.17.20.2 sssd-common-debuginfo-1.16.1-150200.17.20.2 sssd-dbus-1.16.1-150200.17.20.2 sssd-dbus-debuginfo-1.16.1-150200.17.20.2 sssd-debugsource-1.16.1-150200.17.20.2 sssd-ipa-1.16.1-150200.17.20.2 sssd-ipa-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-1.16.1-150200.17.20.2 sssd-krb5-common-1.16.1-150200.17.20.2 sssd-krb5-common-debuginfo-1.16.1-150200.17.20.2 sssd-krb5-debuginfo-1.16.1-150200.17.20.2 sssd-ldap-1.16.1-150200.17.20.2 sssd-ldap-debuginfo-1.16.1-150200.17.20.2 sssd-proxy-1.16.1-150200.17.20.2 sssd-proxy-debuginfo-1.16.1-150200.17.20.2 sssd-tools-1.16.1-150200.17.20.2 sssd-tools-debuginfo-1.16.1-150200.17.20.2 sssd-winbind-idmap-1.16.1-150200.17.20.2 sssd-winbind-idmap-debuginfo-1.16.1-150200.17.20.2 - SUSE Enterprise Storage 7 (x86_64): sssd-common-32bit-1.16.1-150200.17.20.2 sssd-common-32bit-debuginfo-1.16.1-150200.17.20.2 References: https://bugzilla.suse.com/1190775 https://bugzilla.suse.com/1196564 From sle-updates at lists.suse.com Tue May 3 10:21:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:21:59 +0200 (CEST) Subject: SUSE-RU-2022:1490-1: important: Recommended update for liblangtag Message-ID: <20220503102159.057F7FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for liblangtag ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1490-1 Rating: important References: #1197767 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for liblangtag fixes the following issues: - Fix build of future service packs of SUSE Linux Enterprise 15 (bsc#1197767) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1490=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1490=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1490=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1490=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1490=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1490=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): liblangtag-debugsource-0.6.2-150000.3.6.1 liblangtag-devel-0.6.2-150000.3.6.1 liblangtag1-0.6.2-150000.3.6.1 liblangtag1-debuginfo-0.6.2-150000.3.6.1 - openSUSE Leap 15.4 (noarch): liblangtag-doc-0.6.2-150000.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): liblangtag-debugsource-0.6.2-150000.3.6.1 liblangtag-devel-0.6.2-150000.3.6.1 liblangtag1-0.6.2-150000.3.6.1 liblangtag1-debuginfo-0.6.2-150000.3.6.1 - openSUSE Leap 15.3 (noarch): liblangtag-doc-0.6.2-150000.3.6.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): liblangtag-debugsource-0.6.2-150000.3.6.1 liblangtag-devel-0.6.2-150000.3.6.1 liblangtag1-0.6.2-150000.3.6.1 liblangtag1-debuginfo-0.6.2-150000.3.6.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): liblangtag-debugsource-0.6.2-150000.3.6.1 liblangtag-devel-0.6.2-150000.3.6.1 liblangtag1-0.6.2-150000.3.6.1 liblangtag1-debuginfo-0.6.2-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): liblangtag-debugsource-0.6.2-150000.3.6.1 liblangtag-devel-0.6.2-150000.3.6.1 liblangtag1-0.6.2-150000.3.6.1 liblangtag1-debuginfo-0.6.2-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): liblangtag-doc-0.6.2-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): liblangtag-debugsource-0.6.2-150000.3.6.1 liblangtag-devel-0.6.2-150000.3.6.1 liblangtag1-0.6.2-150000.3.6.1 liblangtag1-debuginfo-0.6.2-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): liblangtag-doc-0.6.2-150000.3.6.1 References: https://bugzilla.suse.com/1197767 From sle-updates at lists.suse.com Tue May 3 10:22:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:22:37 +0200 (CEST) Subject: SUSE-RU-2022:1487-1: important: Recommended update for sssd Message-ID: <20220503102237.26FAFFDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1487-1 Rating: important References: #1196564 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Fix a crash caused by a read-after-free condition (bsc#1196564) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1487=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1487=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-7.36.2 libsss_idmap-devel-1.16.1-7.36.2 libsss_nss_idmap-devel-1.16.1-7.36.2 sssd-debugsource-1.16.1-7.36.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-7.36.2 libipa_hbac0-debuginfo-1.16.1-7.36.2 libsss_certmap0-1.16.1-7.36.2 libsss_certmap0-debuginfo-1.16.1-7.36.2 libsss_idmap0-1.16.1-7.36.2 libsss_idmap0-debuginfo-1.16.1-7.36.2 libsss_nss_idmap0-1.16.1-7.36.2 libsss_nss_idmap0-debuginfo-1.16.1-7.36.2 libsss_simpleifp0-1.16.1-7.36.2 libsss_simpleifp0-debuginfo-1.16.1-7.36.2 python-sssd-config-1.16.1-7.36.2 python-sssd-config-debuginfo-1.16.1-7.36.2 sssd-1.16.1-7.36.2 sssd-ad-1.16.1-7.36.2 sssd-ad-debuginfo-1.16.1-7.36.2 sssd-common-1.16.1-7.36.2 sssd-common-debuginfo-1.16.1-7.36.2 sssd-dbus-1.16.1-7.36.2 sssd-dbus-debuginfo-1.16.1-7.36.2 sssd-debugsource-1.16.1-7.36.2 sssd-ipa-1.16.1-7.36.2 sssd-ipa-debuginfo-1.16.1-7.36.2 sssd-krb5-1.16.1-7.36.2 sssd-krb5-common-1.16.1-7.36.2 sssd-krb5-common-debuginfo-1.16.1-7.36.2 sssd-krb5-debuginfo-1.16.1-7.36.2 sssd-ldap-1.16.1-7.36.2 sssd-ldap-debuginfo-1.16.1-7.36.2 sssd-proxy-1.16.1-7.36.2 sssd-proxy-debuginfo-1.16.1-7.36.2 sssd-tools-1.16.1-7.36.2 sssd-tools-debuginfo-1.16.1-7.36.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): sssd-common-32bit-1.16.1-7.36.2 sssd-common-debuginfo-32bit-1.16.1-7.36.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64): libsss_nss_idmap-devel-1.16.1-7.36.2 References: https://bugzilla.suse.com/1196564 From sle-updates at lists.suse.com Tue May 3 10:23:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:23:18 +0200 (CEST) Subject: SUSE-RU-2022:1496-1: moderate: Recommended update for kvm_stat Message-ID: <20220503102318.57F98FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for kvm_stat ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1496-1 Rating: moderate References: #1178493 #1185945 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kvm_stat fixes the following issues: - Add an appropriate delay in the unit file to ensure kvm module is properly loaded (bsc#1185945) - Add a dummy -rebuild package: give OBS/Tumbleweed a hint to tell when this package needs a rebuild (bsc#1178493) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1496=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1496=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1496=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1496=1 Package List: - openSUSE Leap 15.4 (noarch): kvm_stat-5.3.18-150300.19.3.1 - openSUSE Leap 15.3 (noarch): kvm_stat-5.3.18-150300.19.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): kvm_stat-5.3.18-150300.19.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): kvm_stat-5.3.18-150300.19.3.1 References: https://bugzilla.suse.com/1178493 https://bugzilla.suse.com/1185945 From sle-updates at lists.suse.com Tue May 3 10:24:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 12:24:00 +0200 (CEST) Subject: SUSE-OU-2022:1493-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220503102400.9907BFDFC@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1493-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: a52dec Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1493=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1493=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1493=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1493=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1493=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1493=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): a52dec-0.7.5+svn613-150000.3.2.1 a52dec-debuginfo-0.7.5+svn613-150000.3.2.1 a52dec-debugsource-0.7.5+svn613-150000.3.2.1 liba52-0-0.7.5+svn613-150000.3.2.1 liba52-0-debuginfo-0.7.5+svn613-150000.3.2.1 liba52-devel-0.7.5+svn613-150000.3.2.1 - openSUSE Leap 15.4 (x86_64): liba52-0-32bit-0.7.5+svn613-150000.3.2.1 liba52-0-32bit-debuginfo-0.7.5+svn613-150000.3.2.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): a52dec-0.7.5+svn613-150000.3.2.1 a52dec-debuginfo-0.7.5+svn613-150000.3.2.1 a52dec-debugsource-0.7.5+svn613-150000.3.2.1 liba52-0-0.7.5+svn613-150000.3.2.1 liba52-0-debuginfo-0.7.5+svn613-150000.3.2.1 liba52-devel-0.7.5+svn613-150000.3.2.1 - openSUSE Leap 15.3 (x86_64): liba52-0-32bit-0.7.5+svn613-150000.3.2.1 liba52-0-32bit-debuginfo-0.7.5+svn613-150000.3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): a52dec-debuginfo-0.7.5+svn613-150000.3.2.1 a52dec-debugsource-0.7.5+svn613-150000.3.2.1 liba52-0-0.7.5+svn613-150000.3.2.1 liba52-0-debuginfo-0.7.5+svn613-150000.3.2.1 liba52-devel-0.7.5+svn613-150000.3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): a52dec-debuginfo-0.7.5+svn613-150000.3.2.1 a52dec-debugsource-0.7.5+svn613-150000.3.2.1 liba52-0-0.7.5+svn613-150000.3.2.1 liba52-0-debuginfo-0.7.5+svn613-150000.3.2.1 liba52-devel-0.7.5+svn613-150000.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): a52dec-debuginfo-0.7.5+svn613-150000.3.2.1 a52dec-debugsource-0.7.5+svn613-150000.3.2.1 liba52-0-0.7.5+svn613-150000.3.2.1 liba52-0-debuginfo-0.7.5+svn613-150000.3.2.1 liba52-devel-0.7.5+svn613-150000.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): a52dec-debuginfo-0.7.5+svn613-150000.3.2.1 a52dec-debugsource-0.7.5+svn613-150000.3.2.1 liba52-0-0.7.5+svn613-150000.3.2.1 liba52-0-debuginfo-0.7.5+svn613-150000.3.2.1 liba52-devel-0.7.5+svn613-150000.3.2.1 References: From sle-updates at lists.suse.com Tue May 3 13:16:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 15:16:21 +0200 (CEST) Subject: SUSE-RU-2022:1503-1: moderate: Recommended update for rpmlint Message-ID: <20220503131621.94637FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1503-1 Rating: moderate References: #1198693 #1199006 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rpmlint fixes the following issues: - whitelist kcron (bsc#1199006) - whitelisted power-profiles-daemon (bsc#1198693). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1503=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1503=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1503=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1503=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1503=1 Package List: - openSUSE Leap 15.4 (noarch): rpmlint-1.10-150000.7.53.1 - openSUSE Leap 15.3 (noarch): rpmlint-1.10-150000.7.53.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): rpmlint-1.10-150000.7.53.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): rpmlint-1.10-150000.7.53.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): rpmlint-1.10-150000.7.53.1 References: https://bugzilla.suse.com/1198693 https://bugzilla.suse.com/1199006 From sle-updates at lists.suse.com Tue May 3 13:16:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 15:16:59 +0200 (CEST) Subject: SUSE-RU-2022:1500-1: Recommended updates for jetty-artifact-remote-resources, jboss-logging Message-ID: <20220503131659.48212FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended updates for jetty-artifact-remote-resources, jboss-logging ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1500-1 Rating: low References: #1197642 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for jetty-artifact-remote-resources, jboss-logging fixes the following issues: - Do not require mvn(log4j:log4j) for build. (bsc#1197642) - Do not build against the log4j12 packages. - Update jboss-logging to 3.4.1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1500=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1500=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-1500=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1500=1 Package List: - openSUSE Leap 15.4 (noarch): jboss-logging-3.4.1-150200.3.3.1 jboss-logging-javadoc-3.4.1-150200.3.3.1 jetty-artifact-remote-resources-1.2-150200.3.3.1 - openSUSE Leap 15.3 (noarch): jboss-logging-3.4.1-150200.3.3.1 jboss-logging-javadoc-3.4.1-150200.3.3.1 jetty-artifact-remote-resources-1.2-150200.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): jboss-logging-3.4.1-150200.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): jboss-logging-3.4.1-150200.3.3.1 References: https://bugzilla.suse.com/1197642 From sle-updates at lists.suse.com Tue May 3 13:17:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 15:17:37 +0200 (CEST) Subject: SUSE-RU-2022:1499-1: Recommended update for osinfo-db Message-ID: <20220503131737.A6D26FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1499-1 Rating: low References: #1054986 #1165855 #1172008 #1182144 #1188336 #1188692 #1192238 #1196965 #1197958 SLE-17764 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes and contains one feature can now be installed. Description: This update for osinfo-db fixes the following issues: - Update to database version 20220214 - Support for SLE15-SP4. (bsc#1197958, bsc#1188692) - Support for SUSE linux Enterprise Micro 5.2 - Support Oracle Linux as a guest VM. (jsc#SLE-17764, bsc#1192238) - openSUSE Tumbleweed unattended installation with libvirt fails. (bsc#1196965, bsc#1188336) - Fix AutoYaST profiles to pass the validation during installation. (bsc#1182144) - Add support for openSUSE Leap-15.3 and SLE-15.3 - Ensure x86_64 is listed before i686, to have x86_64 selected by default in GNOME Boxes - Add UEFI support to the database for SLES and openSUSE distros. (bsc#1165855, bsc#1172008) - Fix the length of string for the ISO volume id. (bsc#1054986) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1499=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1499=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1499=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1499=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1499=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1499=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): osinfo-db-20220214-150100.3.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): osinfo-db-20220214-150100.3.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): osinfo-db-20220214-150100.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): osinfo-db-20220214-150100.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): osinfo-db-20220214-150100.3.9.1 - SUSE Enterprise Storage 6 (noarch): osinfo-db-20220214-150100.3.9.1 - SUSE CaaS Platform 4.0 (noarch): osinfo-db-20220214-150100.3.9.1 References: https://bugzilla.suse.com/1054986 https://bugzilla.suse.com/1165855 https://bugzilla.suse.com/1172008 https://bugzilla.suse.com/1182144 https://bugzilla.suse.com/1188336 https://bugzilla.suse.com/1188692 https://bugzilla.suse.com/1192238 https://bugzilla.suse.com/1196965 https://bugzilla.suse.com/1197958 From sle-updates at lists.suse.com Tue May 3 13:18:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 15:18:53 +0200 (CEST) Subject: SUSE-RU-2022:1498-1: moderate: Recommended update for daps Message-ID: <20220503131853.349FCFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for daps ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1498-1 Rating: moderate References: #1175214 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for daps fixes the following issues: - Stable release DAPS 3.3.1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1498=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1498=1 Package List: - openSUSE Leap 15.4 (noarch): daps-3.3.1-150300.14.3.2 - openSUSE Leap 15.3 (noarch): daps-3.3.1-150300.14.3.2 References: https://bugzilla.suse.com/1175214 From sle-updates at lists.suse.com Tue May 3 13:19:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 15:19:32 +0200 (CEST) Subject: SUSE-RU-2022:1497-1: moderate: Recommended update for yast2-bootloader Message-ID: <20220503131932.144F4FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1497-1 Rating: moderate References: #1187690 #1197192 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-bootloader fixes the following issue: - AutoYaST: do not clone device for hibernation and also check during autoinstallation if device for hibernation exists and if not then use proposed one. (bsc#1187690, bsc#1197192) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1497=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1497=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-1497=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.3.31-150300.3.8.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.3.31-150300.3.8.2 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.3.31-150300.3.8.2 References: https://bugzilla.suse.com/1187690 https://bugzilla.suse.com/1197192 From sle-updates at lists.suse.com Tue May 3 13:20:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 15:20:20 +0200 (CEST) Subject: SUSE-RU-2022:1501-1: moderate: Recommended update for python-uamqp Message-ID: <20220503132020.466DBFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-uamqp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1501-1 Rating: moderate References: #1197848 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-uamqp fixes the following issues: - python-uamqp won't compile on SP4 (bsc#1197848) - Only build Python3 flavors for distributions 15 and greater Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1501=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1501=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1501=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1501=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1501=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1501=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-uamqp-debugsource-1.5.3-150100.4.7.1 python3-uamqp-1.5.3-150100.4.7.1 python3-uamqp-debuginfo-1.5.3-150100.4.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-uamqp-debugsource-1.5.3-150100.4.7.1 python3-uamqp-1.5.3-150100.4.7.1 python3-uamqp-debuginfo-1.5.3-150100.4.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): python-uamqp-debugsource-1.5.3-150100.4.7.1 python3-uamqp-1.5.3-150100.4.7.1 python3-uamqp-debuginfo-1.5.3-150100.4.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): python-uamqp-debugsource-1.5.3-150100.4.7.1 python3-uamqp-1.5.3-150100.4.7.1 python3-uamqp-debuginfo-1.5.3-150100.4.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): python-uamqp-debugsource-1.5.3-150100.4.7.1 python3-uamqp-1.5.3-150100.4.7.1 python3-uamqp-debuginfo-1.5.3-150100.4.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): python-uamqp-debugsource-1.5.3-150100.4.7.1 python3-uamqp-1.5.3-150100.4.7.1 python3-uamqp-debuginfo-1.5.3-150100.4.7.1 References: https://bugzilla.suse.com/1197848 From sle-updates at lists.suse.com Tue May 3 19:16:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 21:16:46 +0200 (CEST) Subject: SUSE-SU-2022:1510-1: important: Security update for amazon-ssm-agent Message-ID: <20220503191646.B8338FBAA@maintenance.suse.de> SUSE Security Update: Security update for amazon-ssm-agent ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1510-1 Rating: important References: #1196556 Cross-References: CVE-2022-29527 CVSS scores: CVE-2022-29527 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for amazon-ssm-agent fixes the following issues: - CVE-2022-29527: Fixed unsafe file creation mode of ssm-agent-users sudoer file (bsc#1196556). Update to version 3.1.1260.0 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1510=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-1510=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - openSUSE Leap 15.3 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 References: https://www.suse.com/security/cve/CVE-2022-29527.html https://bugzilla.suse.com/1196556 From sle-updates at lists.suse.com Tue May 3 19:17:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 21:17:26 +0200 (CEST) Subject: SUSE-SU-2022:1511-1: important: Security update for webkit2gtk3 Message-ID: <20220503191726.F0832FBAA@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1511-1 Rating: important References: #1196133 #1198290 Cross-References: CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 CVSS scores: CVE-2022-22594 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-22594 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-22624 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-22628 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-22629 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-22637 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1511=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1511=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1511=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1511=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1511=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1511=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1511=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1511=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1511=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1511=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150000.3.100.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-2.36.0-150000.3.100.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150000.3.100.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2-4_0-2.36.0-150000.3.100.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-2.36.0-150000.3.100.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150000.3.100.1 webkit2gtk3-debugsource-2.36.0-150000.3.100.1 webkit2gtk3-devel-2.36.0-150000.3.100.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.36.0-150000.3.100.1 References: https://www.suse.com/security/cve/CVE-2022-22594.html https://www.suse.com/security/cve/CVE-2022-22624.html https://www.suse.com/security/cve/CVE-2022-22628.html https://www.suse.com/security/cve/CVE-2022-22629.html https://www.suse.com/security/cve/CVE-2022-22637.html https://bugzilla.suse.com/1196133 https://bugzilla.suse.com/1198290 From sle-updates at lists.suse.com Tue May 3 19:18:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 21:18:14 +0200 (CEST) Subject: SUSE-SU-2022:1505-1: moderate: Security update for xen Message-ID: <20220503191814.4DD47FBAA@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1505-1 Rating: moderate References: #1197423 #1197425 #1197426 Cross-References: CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVSS scores: CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1505=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1505=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_22-3.66.1 xen-devel-4.12.4_22-3.66.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_22-3.66.1 xen-debugsource-4.12.4_22-3.66.1 xen-doc-html-4.12.4_22-3.66.1 xen-libs-32bit-4.12.4_22-3.66.1 xen-libs-4.12.4_22-3.66.1 xen-libs-debuginfo-32bit-4.12.4_22-3.66.1 xen-libs-debuginfo-4.12.4_22-3.66.1 xen-tools-4.12.4_22-3.66.1 xen-tools-debuginfo-4.12.4_22-3.66.1 xen-tools-domU-4.12.4_22-3.66.1 xen-tools-domU-debuginfo-4.12.4_22-3.66.1 References: https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426 From sle-updates at lists.suse.com Tue May 3 19:19:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 21:19:06 +0200 (CEST) Subject: SUSE-SU-2022:1508-1: moderate: Security update for libcaca Message-ID: <20220503191906.57BEBFBAA@maintenance.suse.de> SUSE Security Update: Security update for libcaca ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1508-1 Rating: moderate References: #1197028 Cross-References: CVE-2022-0856 CVSS scores: CVE-2022-0856 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0856 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcaca fixes the following issues: - CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash (bsc#1197028). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1508=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1508=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta18-14.9.1 libcaca-devel-0.99.beta18-14.9.1 libcaca0-plugins-0.99.beta18-14.9.1 libcaca0-plugins-debuginfo-0.99.beta18-14.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta18-14.9.1 libcaca0-0.99.beta18-14.9.1 libcaca0-debuginfo-0.99.beta18-14.9.1 References: https://www.suse.com/security/cve/CVE-2022-0856.html https://bugzilla.suse.com/1197028 From sle-updates at lists.suse.com Tue May 3 19:19:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 21:19:49 +0200 (CEST) Subject: SUSE-SU-2022:1506-1: moderate: Security update for xen Message-ID: <20220503191949.318BCFBAA@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1506-1 Rating: moderate References: #1197423 #1197425 #1197426 Cross-References: CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVSS scores: CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1506=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1506=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1506=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1506=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1506=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): xen-4.14.4_04-150300.3.24.1 xen-debugsource-4.14.4_04-150300.3.24.1 xen-devel-4.14.4_04-150300.3.24.1 xen-doc-html-4.14.4_04-150300.3.24.1 xen-libs-4.14.4_04-150300.3.24.1 xen-libs-debuginfo-4.14.4_04-150300.3.24.1 xen-tools-4.14.4_04-150300.3.24.1 xen-tools-debuginfo-4.14.4_04-150300.3.24.1 xen-tools-domU-4.14.4_04-150300.3.24.1 xen-tools-domU-debuginfo-4.14.4_04-150300.3.24.1 - openSUSE Leap 15.3 (noarch): xen-tools-xendomains-wait-disk-4.14.4_04-150300.3.24.1 - openSUSE Leap 15.3 (x86_64): xen-libs-32bit-4.14.4_04-150300.3.24.1 xen-libs-32bit-debuginfo-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.4_04-150300.3.24.1 xen-debugsource-4.14.4_04-150300.3.24.1 xen-devel-4.14.4_04-150300.3.24.1 xen-tools-4.14.4_04-150300.3.24.1 xen-tools-debuginfo-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.4_04-150300.3.24.1 xen-libs-4.14.4_04-150300.3.24.1 xen-libs-debuginfo-4.14.4_04-150300.3.24.1 xen-tools-domU-4.14.4_04-150300.3.24.1 xen-tools-domU-debuginfo-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): xen-debugsource-4.14.4_04-150300.3.24.1 xen-libs-4.14.4_04-150300.3.24.1 xen-libs-debuginfo-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.4_04-150300.3.24.1 xen-libs-4.14.4_04-150300.3.24.1 xen-libs-debuginfo-4.14.4_04-150300.3.24.1 References: https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426 From sle-updates at lists.suse.com Tue May 3 19:20:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 21:20:56 +0200 (CEST) Subject: SUSE-SU-2022:1513-1: important: Security update for java-11-openjdk Message-ID: <20220503192056.915A6FBAA@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1513-1 Rating: important References: #1198671 #1198672 #1198673 #1198674 #1198675 Cross-References: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVSS scores: CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21434 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1513=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1513=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1513=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1513=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1513=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1513=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1513=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1513=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1513=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1513=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1513=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1513=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1513=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1513=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1513=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1513=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1513=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1513=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1513=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1513=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-accessibility-11.0.15.0-150000.3.80.1 java-11-openjdk-accessibility-debuginfo-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 java-11-openjdk-jmods-11.0.15.0-150000.3.80.1 java-11-openjdk-src-11.0.15.0-150000.3.80.1 - openSUSE Leap 15.4 (noarch): java-11-openjdk-javadoc-11.0.15.0-150000.3.80.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-accessibility-11.0.15.0-150000.3.80.1 java-11-openjdk-accessibility-debuginfo-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 java-11-openjdk-jmods-11.0.15.0-150000.3.80.1 java-11-openjdk-src-11.0.15.0-150000.3.80.1 - openSUSE Leap 15.3 (noarch): java-11-openjdk-javadoc-11.0.15.0-150000.3.80.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Manager Proxy 4.1 (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): java-11-openjdk-javadoc-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE CaaS Platform 4.0 (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 References: https://www.suse.com/security/cve/CVE-2022-21426.html https://www.suse.com/security/cve/CVE-2022-21434.html https://www.suse.com/security/cve/CVE-2022-21443.html https://www.suse.com/security/cve/CVE-2022-21476.html https://www.suse.com/security/cve/CVE-2022-21496.html https://bugzilla.suse.com/1198671 https://bugzilla.suse.com/1198672 https://bugzilla.suse.com/1198673 https://bugzilla.suse.com/1198674 https://bugzilla.suse.com/1198675 From sle-updates at lists.suse.com Tue May 3 19:22:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 21:22:28 +0200 (CEST) Subject: SUSE-SU-2022:1512-1: important: Security update for ruby2.5 Message-ID: <20220503192228.EA330FBAA@maintenance.suse.de> SUSE Security Update: Security update for ruby2.5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1512-1 Rating: important References: #1188160 #1188161 #1190375 #1193035 #1198441 Cross-References: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-41817 CVE-2022-28739 CVSS scores: CVE-2021-31799 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31799 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31810 (NVD) : 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2021-31810 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-32066 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-32066 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-41817 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-28739 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1512=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1512=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1512=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1512=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1512=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1512=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1512=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1512=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1512=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1512=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1512=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1512=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1512=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1512=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1512=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1512=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1512=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1512=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1512=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-doc-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - openSUSE Leap 15.4 (noarch): ruby2.5-doc-ri-2.5.9-150000.4.23.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-doc-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - openSUSE Leap 15.3 (noarch): ruby2.5-doc-ri-2.5.9-150000.4.23.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Manager Proxy 4.1 (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE CaaS Platform 4.0 (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 References: https://www.suse.com/security/cve/CVE-2021-31799.html https://www.suse.com/security/cve/CVE-2021-31810.html https://www.suse.com/security/cve/CVE-2021-32066.html https://www.suse.com/security/cve/CVE-2021-41817.html https://www.suse.com/security/cve/CVE-2022-28739.html https://bugzilla.suse.com/1188160 https://bugzilla.suse.com/1188161 https://bugzilla.suse.com/1190375 https://bugzilla.suse.com/1193035 https://bugzilla.suse.com/1198441 From sle-updates at lists.suse.com Tue May 3 19:23:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 21:23:43 +0200 (CEST) Subject: SUSE-SU-2022:1507-1: important: Security update for containerd, docker Message-ID: <20220503192343.1EB1DFBAA@maintenance.suse.de> SUSE Security Update: Security update for containerd, docker ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1507-1 Rating: important References: #1192814 #1193273 #1193930 #1196441 #1197284 #1197517 Cross-References: CVE-2021-41190 CVE-2021-43565 CVE-2022-23648 CVE-2022-24769 CVE-2022-27191 CVSS scores: CVE-2021-41190 (NVD) : 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CVE-2021-41190 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N CVE-2021-43565 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23648 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-23648 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24769 (NVD) : 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-24769 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-27191 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27191 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2021-41190: Fixed parsing confusions in OCI manifest and index (bsc#1193273). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2022-1507=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.5.11-16.57.1 docker-20.10.14_ce-98.80.1 docker-debuginfo-20.10.14_ce-98.80.1 References: https://www.suse.com/security/cve/CVE-2021-41190.html https://www.suse.com/security/cve/CVE-2021-43565.html https://www.suse.com/security/cve/CVE-2022-23648.html https://www.suse.com/security/cve/CVE-2022-24769.html https://www.suse.com/security/cve/CVE-2022-27191.html https://bugzilla.suse.com/1192814 https://bugzilla.suse.com/1193273 https://bugzilla.suse.com/1193930 https://bugzilla.suse.com/1196441 https://bugzilla.suse.com/1197284 https://bugzilla.suse.com/1197517 From sle-updates at lists.suse.com Tue May 3 19:24:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2022 21:24:48 +0200 (CEST) Subject: SUSE-SU-2022:1509-1: moderate: Security update for pcp Message-ID: <20220503192448.C9FD8FBAA@maintenance.suse.de> SUSE Security Update: Security update for pcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1509-1 Rating: moderate References: #1171883 Cross-References: CVE-2020-8025 CVSS scores: CVE-2020-8025 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pcp fixes the following issues: - CVE-2020-8025: Fixed outdated entries in permissions profiles for /var/lib/pcp/tmp/* (bsc#1171883). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1509=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1509=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pcp-pmda-kvm-3.11.9-150000.5.14.1 pcp-pmda-lmsensors-debuginfo-3.11.9-150000.5.14.1 pcp-pmda-postgresql-3.11.9-150000.5.14.1 python-pcp-3.11.9-150000.5.14.1 python-pcp-debuginfo-3.11.9-150000.5.14.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): pcp-pmda-kvm-3.11.9-150000.5.14.1 pcp-pmda-lmsensors-debuginfo-3.11.9-150000.5.14.1 pcp-pmda-postgresql-3.11.9-150000.5.14.1 python-pcp-3.11.9-150000.5.14.1 python-pcp-debuginfo-3.11.9-150000.5.14.1 References: https://www.suse.com/security/cve/CVE-2020-8025.html https://bugzilla.suse.com/1171883 From sle-updates at lists.suse.com Wed May 4 07:11:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 09:11:30 +0200 (CEST) Subject: SUSE-CU-2022:853-1: Security update of ses/7.1/rook/ceph Message-ID: <20220504071130.9B8BBF7B4@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:853-1 Container Tags : ses/7.1/rook/ceph:1.8.6 , ses/7.1/rook/ceph:1.8.6.0 , ses/7.1/rook/ceph:1.8.6.0.4.5.9 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific Container Release : 4.5.9 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1177460 1183533 1184501 1191157 1191502 1193086 1193489 1194172 1194642 1194848 1194883 1195231 1195247 1195251 1195258 1195529 1195628 1195836 1195899 1195999 1196061 1196093 1196107 1196317 1196368 1196514 1196567 1196647 1196787 1196925 1196939 1197004 1197024 1197134 1197297 1197459 1197788 1198062 1198237 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2021-22570 CVE-2021-28153 CVE-2022-1271 ----------------------------------------------------------------- The container ses/7.1/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1145-1 Released: Mon Apr 11 14:59:54 2022 Summary: Recommended update for tcmu-runner Type: recommended Severity: moderate References: 1196787 This update for tcmu-runner fixes the following issues: - fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed. (bsc#1196787) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1422-1 Released: Wed Apr 27 09:24:27 2022 Summary: Recommended update for glib2-branding Type: recommended Severity: moderate References: 1195836 This update for glib2-branding fixes the following issues: - Change the default `LibreOffice Startcenter` entry to `libreoffice-startcenter.desktop` and provide the missing favorite link. (bsc#1195836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1491-1 Released: Tue May 3 07:09:44 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - binutils-2.37-150100.7.29.1 updated - device-mapper-1.02.163-8.42.1 updated - e2fsprogs-1.43.8-150000.4.29.1 updated - gio-branding-SLE-15-150300.19.3.1 updated - glib2-tools-2.62.6-150200.3.9.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libctf-nobfd0-2.37-150100.7.29.1 updated - libctf0-2.37-150100.7.29.1 updated - libdevmapper-event1_03-1.02.163-8.42.1 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libext2fs2-1.43.8-150000.4.29.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libgio-2_0-0-2.62.6-150200.3.9.1 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libgmodule-2_0-0-2.62.6-150200.3.9.1 updated - libgobject-2_0-0-2.62.6-150200.3.9.1 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - liblvm2cmd2_03-2.03.05-8.42.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libsystemd0-246.16-150300.7.42.1 updated - libtcmu2-1.5.2-150200.2.7.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libudev1-246.16-150300.7.42.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150200.36.1 updated - lvm2-2.03.05-8.42.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - nfs-kernel-server-2.1.1-150100.10.24.1 updated - pam-1.3.0-150000.6.55.3 updated - perl-base-5.26.1-150300.17.3.1 updated - psmisc-23.0-150000.6.22.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-246.16-150300.7.42.1 updated - tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 updated - tcmu-runner-1.5.2-150200.2.7.1 updated - timezone-2022a-150000.75.7.1 updated - udev-246.16-150300.7.42.1 updated - util-linux-systemd-2.36.2-150300.4.20.1 added - util-linux-2.36.2-150300.4.20.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Wed May 4 07:32:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 09:32:39 +0200 (CEST) Subject: SUSE-CU-2022:859-1: Security update of bci/openjdk-devel Message-ID: <20220504073239.3BC38F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:859-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-17.9 , bci/openjdk-devel:latest Container Release : 17.9 Severity : important Type : security References : 1198671 1198672 1198673 1198674 1198675 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1513-1 Released: Tue May 3 16:13:25 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1198671,1198672,1198673,1198674,1198675,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21476,CVE-2022-21496 This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). The following package changes have been done: - java-11-openjdk-devel-11.0.15.0-150000.3.80.1 updated - java-11-openjdk-headless-11.0.15.0-150000.3.80.1 updated - java-11-openjdk-11.0.15.0-150000.3.80.1 updated - container:openjdk-11-image-15.3.0-17.4 updated From sle-updates at lists.suse.com Wed May 4 07:38:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 09:38:36 +0200 (CEST) Subject: SUSE-CU-2022:860-1: Security update of bci/openjdk Message-ID: <20220504073836.62C87F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:860-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-17.4 , bci/openjdk:latest Container Release : 17.4 Severity : important Type : security References : 1198671 1198672 1198673 1198674 1198675 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1513-1 Released: Tue May 3 16:13:25 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1198671,1198672,1198673,1198674,1198675,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21476,CVE-2022-21496 This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). The following package changes have been done: - java-11-openjdk-headless-11.0.15.0-150000.3.80.1 updated - java-11-openjdk-11.0.15.0-150000.3.80.1 updated - container:sles15-image-15.0.0-17.14.7 updated From sle-updates at lists.suse.com Wed May 4 07:43:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 09:43:25 +0200 (CEST) Subject: SUSE-CU-2022:862-1: Security update of bci/ruby Message-ID: <20220504074325.99D05F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:862-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-17.7 , bci/ruby:latest Container Release : 17.7 Severity : important Type : security References : 1188160 1188161 1190375 1193035 1198441 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-41817 CVE-2022-28739 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1512-1 Released: Tue May 3 16:11:28 2022 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). The following package changes have been done: - libruby2_5-2_5-2.5.9-150000.4.23.1 updated - ruby2.5-devel-2.5.9-150000.4.23.1 updated - ruby2.5-stdlib-2.5.9-150000.4.23.1 updated - ruby2.5-2.5.9-150000.4.23.1 updated From sle-updates at lists.suse.com Wed May 4 13:17:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 15:17:02 +0200 (CEST) Subject: SUSE-SU-2022:1515-1: important: Security update for rubygem-puma Message-ID: <20220504131702.B1888F7B4@maintenance.suse.de> SUSE Security Update: Security update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1515-1 Rating: important References: #1188527 #1191681 #1196222 Cross-References: CVE-2021-29509 CVE-2021-41136 CVE-2022-23634 CVSS scores: CVE-2021-29509 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29509 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-41136 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2021-41136 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2022-23634 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for rubygem-puma fixes the following issues: rubygem-puma was updated to version 4.3.11: * CVE-2021-29509: Adjusted an incomplete fix for allows Denial of Service (DoS) (bsc#1188527) * CVE-2021-41136: Fixed request smuggling if HTTP header value contains the LF character (bsc#1191681) * CVE-2022-23634: Fixed information leak between requests (bsc#1196222) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1515=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1515=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-1515=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1515=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1515=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1515=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-1515=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-doc-4.3.11-150000.3.6.2 rubygem-puma-debugsource-4.3.11-150000.3.6.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-doc-4.3.11-150000.3.6.2 rubygem-puma-debugsource-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 rubygem-puma-debugsource-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 rubygem-puma-debugsource-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 References: https://www.suse.com/security/cve/CVE-2021-29509.html https://www.suse.com/security/cve/CVE-2021-41136.html https://www.suse.com/security/cve/CVE-2022-23634.html https://bugzilla.suse.com/1188527 https://bugzilla.suse.com/1191681 https://bugzilla.suse.com/1196222 From sle-updates at lists.suse.com Wed May 4 13:17:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 15:17:53 +0200 (CEST) Subject: SUSE-RU-2022:1517-1: moderate: Recommended update for lksctp-tools Message-ID: <20220504131753.85C88F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for lksctp-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1517-1 Rating: moderate References: #1133097 #1197590 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lksctp-tools fixes the following issues: Update to version 1.0.17 (bsc#1197590) * sctp_test: fix hostname resolution * man: remove sysctl listing from sctp.7 * Fix recieved->received typos * Fix usage help for sctp_test * test_1_to_1_accept_close: also expect EACCES when accept on an established socket * lksctp-tools: make bind_test can do while disable IPV6 * libsctp: add pkg-config support Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1517=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1517=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1517=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1517=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1517=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): lksctp-tools-1.0.17-150000.3.3.1 lksctp-tools-debuginfo-1.0.17-150000.3.3.1 lksctp-tools-debugsource-1.0.17-150000.3.3.1 lksctp-tools-devel-1.0.17-150000.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): lksctp-tools-1.0.17-150000.3.3.1 lksctp-tools-debuginfo-1.0.17-150000.3.3.1 lksctp-tools-debugsource-1.0.17-150000.3.3.1 lksctp-tools-devel-1.0.17-150000.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): lksctp-tools-1.0.17-150000.3.3.1 lksctp-tools-debuginfo-1.0.17-150000.3.3.1 lksctp-tools-debugsource-1.0.17-150000.3.3.1 lksctp-tools-devel-1.0.17-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): lksctp-tools-1.0.17-150000.3.3.1 lksctp-tools-debuginfo-1.0.17-150000.3.3.1 lksctp-tools-debugsource-1.0.17-150000.3.3.1 lksctp-tools-devel-1.0.17-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): lksctp-tools-1.0.17-150000.3.3.1 lksctp-tools-debuginfo-1.0.17-150000.3.3.1 lksctp-tools-debugsource-1.0.17-150000.3.3.1 lksctp-tools-devel-1.0.17-150000.3.3.1 References: https://bugzilla.suse.com/1133097 https://bugzilla.suse.com/1197590 From sle-updates at lists.suse.com Wed May 4 13:18:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 15:18:37 +0200 (CEST) Subject: SUSE-SU-2022:1516-1: important: Security update for libwmf Message-ID: <20220504131837.5473DF7B4@maintenance.suse.de> SUSE Security Update: Security update for libwmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1516-1 Rating: important References: #1006739 #1123522 #1174075 Cross-References: CVE-2016-9011 CVE-2019-6978 CVSS scores: CVE-2016-9011 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6978 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-6978 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1516=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1516=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1516=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1516=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1516=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 libwmf-tools-0.2.12-150000.4.4.1 libwmf-tools-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.4 (x86_64): libwmf-0_2-7-32bit-0.2.12-150000.4.4.1 libwmf-0_2-7-32bit-debuginfo-0.2.12-150000.4.4.1 libwmf-gnome-32bit-0.2.12-150000.4.4.1 libwmf-gnome-32bit-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 libwmf-tools-0.2.12-150000.4.4.1 libwmf-tools-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.3 (x86_64): libwmf-0_2-7-32bit-0.2.12-150000.4.4.1 libwmf-0_2-7-32bit-debuginfo-0.2.12-150000.4.4.1 libwmf-gnome-32bit-0.2.12-150000.4.4.1 libwmf-gnome-32bit-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 References: https://www.suse.com/security/cve/CVE-2016-9011.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1006739 https://bugzilla.suse.com/1123522 https://bugzilla.suse.com/1174075 From sle-updates at lists.suse.com Wed May 4 13:19:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 15:19:23 +0200 (CEST) Subject: SUSE-SU-2022:1514-1: important: Security Beta update for SUSE Manager Salt Bundle Message-ID: <20220504131923.D8987F7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1514-1 Rating: important References: #1197417 #1197637 #1198556 Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2022-1514=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-159000.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 From sle-updates at lists.suse.com Wed May 4 13:20:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 15:20:25 +0200 (CEST) Subject: SUSE-FU-2022:1519-1: moderate: Feature update for python-contextvars, python-immutables Message-ID: <20220504132025.BBADCF7B4@maintenance.suse.de> SUSE Feature Update: Feature update for python-contextvars, python-immutables ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:1519-1 Rating: moderate References: SLE-24404 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This feature update for python-contextvars, python-immutables fixes the following issues: python-immutables: - Provide python-immutables version 0.11 in SUSE Linux Enterprise 15 (jsc#SLE-24404) python-contextvars: - Provide python-contextvars version 2.4 in SUSE Linux Enterprise 15 (jsc#SLE-24404) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1519=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1519=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1519=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1519=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1519=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1519=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1519=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1519=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1519=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1519=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1519=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1519=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1519=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1519=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1519=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1519=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1519=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1519=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1519=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1519=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1519=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1519=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1519=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1519=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1519=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1519=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1519=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - openSUSE Leap 15.4 (noarch): python3-contextvars-2.4-150000.1.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - openSUSE Leap 15.3 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Manager Server 4.1 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Manager Retail Branch Server 4.1 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Manager Proxy 4.1 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Manager Proxy 4.1 (x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Micro 5.2 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Micro 5.1 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise Micro 5.0 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Enterprise Storage 7 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 - SUSE Enterprise Storage 6 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE CaaS Platform 4.0 (noarch): python3-contextvars-2.4-150000.1.3.1 - SUSE CaaS Platform 4.0 (x86_64): python-immutables-debugsource-0.11-150000.1.3.1 python3-immutables-0.11-150000.1.3.1 python3-immutables-debuginfo-0.11-150000.1.3.1 References: From sle-updates at lists.suse.com Wed May 4 13:21:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 15:21:12 +0200 (CEST) Subject: SUSE-RU-2022:1518-1: important: Recommended update for sanlock Message-ID: <20220504132112.94746F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sanlock ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1518-1 Rating: important References: #1197853 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sanlock fixes the following issues: - Add libuuid as a build requirement to fix build issues on future SUSE Linux Enterprise Service Packs (bsc#1197853) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1518=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1518=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1518=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1518=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1518=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): fence-sanlock-3.6.0-150000.4.3.1 fence-sanlock-debuginfo-3.6.0-150000.4.3.1 libsanlock1-3.6.0-150000.4.3.1 libsanlock1-debuginfo-3.6.0-150000.4.3.1 python2-sanlock-3.6.0-150000.4.3.1 python2-sanlock-debuginfo-3.6.0-150000.4.3.1 python3-sanlock-3.6.0-150000.4.3.1 python3-sanlock-debuginfo-3.6.0-150000.4.3.1 sanlk-reset-3.6.0-150000.4.3.1 sanlk-reset-debuginfo-3.6.0-150000.4.3.1 sanlock-3.6.0-150000.4.3.1 sanlock-debuginfo-3.6.0-150000.4.3.1 sanlock-debugsource-3.6.0-150000.4.3.1 sanlock-devel-3.6.0-150000.4.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): fence-sanlock-3.6.0-150000.4.3.1 fence-sanlock-debuginfo-3.6.0-150000.4.3.1 libsanlock1-3.6.0-150000.4.3.1 libsanlock1-debuginfo-3.6.0-150000.4.3.1 python2-sanlock-3.6.0-150000.4.3.1 python2-sanlock-debuginfo-3.6.0-150000.4.3.1 python3-sanlock-3.6.0-150000.4.3.1 python3-sanlock-debuginfo-3.6.0-150000.4.3.1 sanlk-reset-3.6.0-150000.4.3.1 sanlk-reset-debuginfo-3.6.0-150000.4.3.1 sanlock-3.6.0-150000.4.3.1 sanlock-debuginfo-3.6.0-150000.4.3.1 sanlock-debugsource-3.6.0-150000.4.3.1 sanlock-devel-3.6.0-150000.4.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libsanlock1-3.6.0-150000.4.3.1 libsanlock1-debuginfo-3.6.0-150000.4.3.1 sanlock-3.6.0-150000.4.3.1 sanlock-debuginfo-3.6.0-150000.4.3.1 sanlock-debugsource-3.6.0-150000.4.3.1 sanlock-devel-3.6.0-150000.4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libsanlock1-3.6.0-150000.4.3.1 libsanlock1-debuginfo-3.6.0-150000.4.3.1 sanlock-3.6.0-150000.4.3.1 sanlock-debuginfo-3.6.0-150000.4.3.1 sanlock-debugsource-3.6.0-150000.4.3.1 sanlock-devel-3.6.0-150000.4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libsanlock1-3.6.0-150000.4.3.1 libsanlock1-debuginfo-3.6.0-150000.4.3.1 sanlock-3.6.0-150000.4.3.1 sanlock-debuginfo-3.6.0-150000.4.3.1 sanlock-debugsource-3.6.0-150000.4.3.1 sanlock-devel-3.6.0-150000.4.3.1 References: https://bugzilla.suse.com/1197853 From sle-updates at lists.suse.com Wed May 4 16:17:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 18:17:36 +0200 (CEST) Subject: SUSE-SU-2022:1524-1: moderate: Security update for apache2-mod_auth_mellon Message-ID: <20220504161736.4CB1BF7B4@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_auth_mellon ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1524-1 Rating: moderate References: #1188926 Cross-References: CVE-2021-3639 CVSS scores: CVE-2021-3639 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_auth_mellon fixes the following issues: - CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs (bsc#1188926) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1524=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1524=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1524=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1524=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1524=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1524=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1524=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1524=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1524=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1524=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1524=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1524=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1524=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1524=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debugsource-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debugsource-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Manager Proxy 4.1 (x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debugsource-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debugsource-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 References: https://www.suse.com/security/cve/CVE-2021-3639.html https://bugzilla.suse.com/1188926 From sle-updates at lists.suse.com Wed May 4 16:18:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 18:18:52 +0200 (CEST) Subject: SUSE-RU-2022:1522-1: moderate: Recommended update for NetworkManager Message-ID: <20220504161852.AF393F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1522-1 Rating: moderate References: #1195173 #1195222 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for NetworkManager fixes the following issues: - Backport upstream fixes to implement RFC 8106. (bsc#1195173) - ndisc: don't artificially extend the lifetime of DNSSL/RDNSS options. (bsc#1195222) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1522=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1522=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1522=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1522=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1522=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1522=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1522=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1522=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): NetworkManager-1.22.10-150200.3.15.1 NetworkManager-debuginfo-1.22.10-150200.3.15.1 NetworkManager-debugsource-1.22.10-150200.3.15.1 NetworkManager-devel-1.22.10-150200.3.15.1 libnm0-1.22.10-150200.3.15.1 libnm0-debuginfo-1.22.10-150200.3.15.1 typelib-1_0-NM-1_0-1.22.10-150200.3.15.1 - openSUSE Leap 15.3 (x86_64): NetworkManager-devel-32bit-1.22.10-150200.3.15.1 - openSUSE Leap 15.3 (noarch): NetworkManager-branding-upstream-1.22.10-150200.3.15.1 NetworkManager-lang-1.22.10-150200.3.15.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): NetworkManager-lang-1.22.10-150200.3.15.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): NetworkManager-debuginfo-1.22.10-150200.3.15.1 NetworkManager-debugsource-1.22.10-150200.3.15.1 NetworkManager-devel-1.22.10-150200.3.15.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): NetworkManager-1.22.10-150200.3.15.1 NetworkManager-debuginfo-1.22.10-150200.3.15.1 NetworkManager-debugsource-1.22.10-150200.3.15.1 NetworkManager-devel-1.22.10-150200.3.15.1 libnm0-1.22.10-150200.3.15.1 libnm0-debuginfo-1.22.10-150200.3.15.1 typelib-1_0-NM-1_0-1.22.10-150200.3.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): NetworkManager-1.22.10-150200.3.15.1 NetworkManager-debuginfo-1.22.10-150200.3.15.1 NetworkManager-debugsource-1.22.10-150200.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.22.10-150200.3.15.1 NetworkManager-debugsource-1.22.10-150200.3.15.1 libnm0-1.22.10-150200.3.15.1 libnm0-debuginfo-1.22.10-150200.3.15.1 typelib-1_0-NM-1_0-1.22.10-150200.3.15.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): NetworkManager-debuginfo-1.22.10-150200.3.15.1 NetworkManager-debugsource-1.22.10-150200.3.15.1 libnm0-1.22.10-150200.3.15.1 libnm0-debuginfo-1.22.10-150200.3.15.1 typelib-1_0-NM-1_0-1.22.10-150200.3.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): NetworkManager-debuginfo-1.22.10-150200.3.15.1 NetworkManager-debugsource-1.22.10-150200.3.15.1 libnm0-1.22.10-150200.3.15.1 libnm0-debuginfo-1.22.10-150200.3.15.1 typelib-1_0-NM-1_0-1.22.10-150200.3.15.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): NetworkManager-debuginfo-1.22.10-150200.3.15.1 NetworkManager-debugsource-1.22.10-150200.3.15.1 libnm0-1.22.10-150200.3.15.1 libnm0-debuginfo-1.22.10-150200.3.15.1 typelib-1_0-NM-1_0-1.22.10-150200.3.15.1 References: https://bugzilla.suse.com/1195173 https://bugzilla.suse.com/1195222 From sle-updates at lists.suse.com Wed May 4 19:16:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:16:19 +0200 (CEST) Subject: SUSE-SU-2022:1534-1: moderate: Security Beta update for SUSE Manager Salt Bundle Message-ID: <20220504191619.27183F7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1534-1 Rating: moderate References: #1197417 #1197637 #1198556 Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-18.04-CLIENT-TOOLS-BETA-2022-1534=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3004-2.9.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 From sle-updates at lists.suse.com Wed May 4 19:17:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:17:02 +0200 (CEST) Subject: SUSE-RU-2022:1525-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220504191702.AF9EDF7B4@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1525-1 Rating: moderate References: #1197689 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: spacecmd: - Version 4.3.10-1 * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-BETA-2022-1525=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA (all): spacecmd-4.3.10-2.10.1 References: https://bugzilla.suse.com/1197689 From sle-updates at lists.suse.com Wed May 4 19:17:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:17:42 +0200 (CEST) Subject: SUSE-SU-2022:1536-1: important: Security Beta update for SUSE Manager Salt Bundle Message-ID: <20220504191742.F0B8DF7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1536-1 Rating: important References: #1118088 #1184177 #1196249 #1196877 #1197279 #1197417 #1197637 #1198556 Cross-References: CVE-2018-19787 CVE-2021-28957 CVE-2022-0778 CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVE-2022-24302 CVSS scores: CVE-2018-19787 (NVD) : 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2018-19787 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2021-28957 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-0778 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24302 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-24302 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 - CVE-2022-24302: unauthorized information disclosure for python-paramiko. - CVE-2021-28957: XSS due to missing input sanitization in python-lxml. - CVE-2018-19787: XSS attacks due to missing URLs sanitization in python-lxml. - Security Fix: (bsc#1196249, bsc#1196877, CVE-2022-0778) * Allow CRYPTO_THREADID_set_callback to be called with NULL parameter * Infinite loop in BN_mod_sqrt() reachable when parsing certificates Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-1536=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-3.9.1 References: https://www.suse.com/security/cve/CVE-2018-19787.html https://www.suse.com/security/cve/CVE-2021-28957.html https://www.suse.com/security/cve/CVE-2022-0778.html https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://www.suse.com/security/cve/CVE-2022-24302.html https://bugzilla.suse.com/1118088 https://bugzilla.suse.com/1184177 https://bugzilla.suse.com/1196249 https://bugzilla.suse.com/1196877 https://bugzilla.suse.com/1197279 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 From sle-updates at lists.suse.com Wed May 4 19:18:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:18:54 +0200 (CEST) Subject: SUSE-SU-2022:1537-1: important: Security Beta update for SUSE Manager Salt Bundle Message-ID: <20220504191854.184FEF7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1537-1 Rating: important References: #1197417 #1197637 #1198556 Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-2022-1537=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3004-2.11.2 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 From sle-updates at lists.suse.com Wed May 4 19:19:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:19:38 +0200 (CEST) Subject: SUSE-SU-2022:1531-1: important: Security Beta update for SUSE Manager Client Tools Message-ID: <20220504191938.D505BF7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1531-1 Rating: important References: #1181400 #1190535 #1196338 #1196704 #1197042 #1197417 #1197579 #1197689 SLE-24077 SLE-24138 SLE-24139 SLE-24238 SLE-24239 Cross-References: CVE-2020-22935 CVE-2022-21698 CVE-2022-22934 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that solves 5 vulnerabilities, contains 5 features and has three fixes is now available. Description: This update fixes the following issues: golang-github-prometheus-alertmanager: - CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077) - Update to version 0.23.0: * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Added hardening to systemd service(s) (bsc#1181400). Modified: prometheus-alertmanager.service golang-github-prometheus-node_exporter: - CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error patch capture-permission-denied-error-energy_uj.patch: Already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Apply patch to capture permission denied error for "energy_uj" file (bsc#1190535) golang-github-prometheus-prometheus: - Build firewalld-prometheus-config only for SUSE Linux Enterprise 15, 15.1 and 15.2, and require firewalld for it - Firewalld-prometheus-config needs to be a Recommends, not a Requires, as prometheus does not require it to run - Create firewalld-prometheus-config subpackage (bsc#1197042) - CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.12.1 (bsc#1196338) golang-github-prometheus-promu: - Update to version 0.13.0: * Release 0.13.0 (jsc#SLE-24138, jsc#SLE-24139) * Add deprecation note to pkg directory * Add windows/arm64 * Update common Prometheus files * Fix typo * Release 0.12.0 * Simplify CGO crossbuilds * Update common Prometheus files * Release 0.11.1 * Fix build with "linux" platform - Update to 0.5.0 + Features: * Add support for aix/ppc64. #151 * Fallback to git describe output if no VERSION. #130 + Enhancements: * cmd/release: add --timeout option. #142 * cmd/release: create release in GitHub if none exists. #148 + Bug Fixes: * cmd/tarball: restore --prefix flag. #133 * cmd/release: don't leak credentials in case of error. #136 mgr-cfg: - Version 4.3.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579) mgr-osad: - Version 4.3.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.3.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-virtualization: - Version 4.3.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 rhnlib: - Version 4.3.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 salt: - Fix multiple security fixes (bsc#1197417) * CVE-2020-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. spacecmd: - Version 4.3.10-1 * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port spacewalk-client-tools: - Version 4.3.9-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-koan: - Version 4.3.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-oscap: - Version 4.3.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 suseRegisterInfo: - Version 4.3.3-1 * Fix the condition for preventing building python 2 subpackage for SLE15 uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-1531=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-4.9.1 golang-github-prometheus-node_exporter-1.3.0-4.12.1 golang-github-prometheus-prometheus-2.32.1-4.30.1 golang-github-prometheus-promu-0.13.0-4.9.1 python2-salt-3000-53.11.1 python2-uyuni-common-libs-4.3.4-3.30.1 python3-salt-3000-53.11.1 salt-3000-53.11.1 salt-doc-3000-53.11.1 salt-minion-3000-53.11.1 - SUSE Manager Tools 12-BETA (noarch): mgr-cfg-4.3.6-4.27.1 mgr-cfg-actions-4.3.6-4.27.1 mgr-cfg-client-4.3.6-4.27.1 mgr-cfg-management-4.3.6-4.27.1 mgr-osad-4.3.6-4.27.1 mgr-push-4.3.4-4.18.1 mgr-virtualization-host-4.3.5-4.18.1 python2-mgr-cfg-4.3.6-4.27.1 python2-mgr-cfg-actions-4.3.6-4.27.1 python2-mgr-cfg-client-4.3.6-4.27.1 python2-mgr-cfg-management-4.3.6-4.27.1 python2-mgr-osa-common-4.3.6-4.27.1 python2-mgr-osad-4.3.6-4.27.1 python2-mgr-push-4.3.4-4.18.1 python2-mgr-virtualization-common-4.3.5-4.18.1 python2-mgr-virtualization-host-4.3.5-4.18.1 python2-rhnlib-4.3.4-24.27.1 python2-spacewalk-check-4.3.9-55.45.1 python2-spacewalk-client-setup-4.3.9-55.45.1 python2-spacewalk-client-tools-4.3.9-55.45.1 python2-spacewalk-koan-4.3.5-27.18.1 python2-spacewalk-oscap-4.3.5-22.18.1 python2-suseRegisterInfo-4.3.3-28.21.1 spacecmd-4.3.10-41.39.1 spacewalk-check-4.3.9-55.45.1 spacewalk-client-setup-4.3.9-55.45.1 spacewalk-client-tools-4.3.9-55.45.1 spacewalk-koan-4.3.5-27.18.1 spacewalk-oscap-4.3.5-22.18.1 suseRegisterInfo-4.3.3-28.21.1 References: https://www.suse.com/security/cve/CVE-2020-22935.html https://www.suse.com/security/cve/CVE-2022-21698.html https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1190535 https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1197042 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197579 https://bugzilla.suse.com/1197689 From sle-updates at lists.suse.com Wed May 4 19:20:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:20:51 +0200 (CEST) Subject: SUSE-SU-2022:1527-1: important: Security Beta update for SUSE Manager Client Tools Message-ID: <20220504192051.926E5F7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1527-1 Rating: important References: #1197417 #1197533 #1197637 #1197689 Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes the following issues: salt: - Prevent data pollution between actions proceesed at the same time (bsc#1197637) - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. spacecmd: - Version 4.3.10-1 * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-18.04-CLIENT-TOOLS-BETA-2022-1527=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all): salt-common-3004+ds-1+27.57.1 salt-minion-3004+ds-1+27.57.1 spacecmd-4.3.10-2.39.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1197689 From sle-updates at lists.suse.com Wed May 4 19:21:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:21:53 +0200 (CEST) Subject: SUSE-SU-2022:1529-1: important: Security Beta update for SUSE Manager Client Tools Message-ID: <20220504192153.7539DF7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1529-1 Rating: important References: #1197417 #1197533 #1197637 #1197689 Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes the following issues: salt: - Prevent data pollution between actions proceesed at the same time (bsc#1197637) - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. spacecmd: - Version 4.3.10-1 * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-20.04-CLIENT-TOOLS-BETA-2022-1529=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all): salt-common-3004+ds-1+2.42.1 salt-minion-3004+ds-1+2.42.1 spacecmd-4.3.10-2.33.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1197689 From sle-updates at lists.suse.com Wed May 4 19:22:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:22:43 +0200 (CEST) Subject: SUSE-SU-2022:1533-1: important: Security Beta update for SUSE Manager Salt Bundle Message-ID: <20220504192243.EC3D6F7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1533-1 Rating: important References: #1197417 #1197637 #1198556 Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-20.04-CLIENT-TOOLS-BETA-2022-1533=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3004-2.9.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 From sle-updates at lists.suse.com Wed May 4 19:23:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:23:29 +0200 (CEST) Subject: SUSE-SU-2022:1540-1: moderate: Security update for libvirt Message-ID: <20220504192329.50ED5F7B4@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1540-1 Rating: moderate References: #1191668 #1197636 Cross-References: CVE-2022-0897 CVSS scores: CVE-2022-0897 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-0897 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636). The following non-security bugs were fixed: - libxl: Mark auto-allocated graphics ports to used on reconnect e0241f33-libxl-mark-allocated-graphics-ports.patch - libxl: Release all auto-allocated graphics ports 18ec405a-libxl-release-graphics-ports.patch bsc#1191668 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1540=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1540=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-13.31.1 libvirt-devel-5.1.0-13.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-13.31.1 libvirt-admin-5.1.0-13.31.1 libvirt-admin-debuginfo-5.1.0-13.31.1 libvirt-client-5.1.0-13.31.1 libvirt-client-debuginfo-5.1.0-13.31.1 libvirt-daemon-5.1.0-13.31.1 libvirt-daemon-config-network-5.1.0-13.31.1 libvirt-daemon-config-nwfilter-5.1.0-13.31.1 libvirt-daemon-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-interface-5.1.0-13.31.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-lxc-5.1.0-13.31.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-network-5.1.0-13.31.1 libvirt-daemon-driver-network-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-nodedev-5.1.0-13.31.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-nwfilter-5.1.0-13.31.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-qemu-5.1.0-13.31.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-secret-5.1.0-13.31.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-storage-5.1.0-13.31.1 libvirt-daemon-driver-storage-core-5.1.0-13.31.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-storage-disk-5.1.0-13.31.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-storage-iscsi-5.1.0-13.31.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-storage-logical-5.1.0-13.31.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-storage-mpath-5.1.0-13.31.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-13.31.1 libvirt-daemon-driver-storage-scsi-5.1.0-13.31.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-13.31.1 libvirt-daemon-hooks-5.1.0-13.31.1 libvirt-daemon-lxc-5.1.0-13.31.1 libvirt-daemon-qemu-5.1.0-13.31.1 libvirt-debugsource-5.1.0-13.31.1 libvirt-doc-5.1.0-13.31.1 libvirt-libs-5.1.0-13.31.1 libvirt-libs-debuginfo-5.1.0-13.31.1 libvirt-lock-sanlock-5.1.0-13.31.1 libvirt-lock-sanlock-debuginfo-5.1.0-13.31.1 libvirt-nss-5.1.0-13.31.1 libvirt-nss-debuginfo-5.1.0-13.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-13.31.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-13.31.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libvirt-daemon-driver-libxl-5.1.0-13.31.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-13.31.1 libvirt-daemon-xen-5.1.0-13.31.1 References: https://www.suse.com/security/cve/CVE-2022-0897.html https://bugzilla.suse.com/1191668 https://bugzilla.suse.com/1197636 From sle-updates at lists.suse.com Wed May 4 19:24:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:24:12 +0200 (CEST) Subject: SUSE-SU-2022:1541-1: important: Security update for pgadmin4 Message-ID: <20220504192412.583DCF7B4@maintenance.suse.de> SUSE Security Update: Security update for pgadmin4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1541-1 Rating: important References: #1197143 Cross-References: CVE-2022-0959 CVSS scores: CVE-2022-0959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2022-0959 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pgadmin4 fixes the following issues: - CVE-2022-0959: Fixed an unrestricted file upload (bsc#1197143). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1541=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1541=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1541=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1541=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pgadmin4-4.30-150300.3.3.1 pgadmin4-debuginfo-4.30-150300.3.3.1 - openSUSE Leap 15.4 (noarch): pgadmin4-doc-4.30-150300.3.3.1 pgadmin4-web-4.30-150300.3.3.1 pgadmin4-web-uwsgi-4.30-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): pgadmin4-4.30-150300.3.3.1 pgadmin4-debuginfo-4.30-150300.3.3.1 - openSUSE Leap 15.3 (noarch): pgadmin4-doc-4.30-150300.3.3.1 pgadmin4-web-4.30-150300.3.3.1 pgadmin4-web-uwsgi-4.30-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): pgadmin4-4.30-150300.3.3.1 pgadmin4-debuginfo-4.30-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): pgadmin4-doc-4.30-150300.3.3.1 pgadmin4-web-4.30-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): pgadmin4-4.30-150300.3.3.1 pgadmin4-debuginfo-4.30-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): pgadmin4-doc-4.30-150300.3.3.1 pgadmin4-web-4.30-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-0959.html https://bugzilla.suse.com/1197143 From sle-updates at lists.suse.com Wed May 4 19:24:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:24:47 +0200 (CEST) Subject: SUSE-SU-2022:1528-1: important: Security Beta update for SUSE Manager Client Tools Message-ID: <20220504192447.68B46F7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1528-1 Rating: important References: #1197417 #1197533 #1197637 #1197689 Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes the following issues: Security fixes for salt (bsc#1197417): - CVE-2022-22935: Sign authentication replies to prevent MiTM. - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. - CVE-2022-22936: Prevent job and fileserver replays. - CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. Other non security fixes: salt: - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) spacecmd: - Version 4.3.10-1 * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-2022-1528=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (all): salt-common-3004+ds-1+2.39.1 salt-minion-3004+ds-1+2.39.1 spacecmd-4.3.10-2.32.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1197689 From sle-updates at lists.suse.com Wed May 4 19:25:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2022 21:25:40 +0200 (CEST) Subject: SUSE-SU-2022:1538-1: important: Security Beta update for SUSE Manager Salt Bundle Message-ID: <20220504192540.79A52F7B4@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1538-1 Rating: important References: #1197417 #1197637 #1198556 Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues (bsc#1197417) * CVE-2022-22935: Sign authentication replies to prevent MiTM * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. - Salt version bump to 3004 - Python version bump to 3.10.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-BETA-2022-1538=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3004-2.9.2 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1198556 From sle-updates at lists.suse.com Thu May 5 01:17:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 03:17:00 +0200 (CEST) Subject: SUSE-RU-2022:1542-1: moderate: Recommended update for sblim-sfcb Message-ID: <20220505011700.DEDFBF7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-sfcb ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1542-1 Rating: moderate References: #1190107 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sblim-sfcb fixes the following issues: - Add config option to optionally disable TLSv1.2 (bsc#1190107) - Enable TLS v1.3 by removing explicit curve selection. This should not be required for OpenSSL 1.1.0+ (bsc#1190107) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1542=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1542=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1542=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1542=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1542=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.9-150000.5.9.4 sblim-sfcb-debuginfo-1.4.9-150000.5.9.4 sblim-sfcb-debugsource-1.4.9-150000.5.9.4 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.9-150000.5.9.4 sblim-sfcb-debuginfo-1.4.9-150000.5.9.4 sblim-sfcb-debugsource-1.4.9-150000.5.9.4 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): sblim-sfcb-1.4.9-150000.5.9.4 sblim-sfcb-debuginfo-1.4.9-150000.5.9.4 sblim-sfcb-debugsource-1.4.9-150000.5.9.4 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.9-150000.5.9.4 sblim-sfcb-debuginfo-1.4.9-150000.5.9.4 sblim-sfcb-debugsource-1.4.9-150000.5.9.4 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.9-150000.5.9.4 sblim-sfcb-debuginfo-1.4.9-150000.5.9.4 sblim-sfcb-debugsource-1.4.9-150000.5.9.4 References: https://bugzilla.suse.com/1190107 From sle-updates at lists.suse.com Thu May 5 07:17:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:17:47 +0200 (CEST) Subject: SUSE-CU-2022:865-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220505071747.88AA1F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:865-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-19.5 , bci/dotnet-aspnet:3.1.24 , bci/dotnet-aspnet:3.1.24-19.5 Container Release : 19.5 Severity : moderate Type : recommended References : 1191157 1193489 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - libldap-data-2.4.46-150200.14.5.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Thu May 5 07:19:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:19:52 +0200 (CEST) Subject: SUSE-CU-2022:866-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220505071952.262DEF7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:866-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-17.5 , bci/dotnet-aspnet:6.0.4 , bci/dotnet-aspnet:6.0.4-17.5 , bci/dotnet-aspnet:latest Container Release : 17.5 Severity : moderate Type : recommended References : 1191157 1193489 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - libldap-data-2.4.46-150200.14.5.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Thu May 5 07:21:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:21:54 +0200 (CEST) Subject: SUSE-CU-2022:867-1: Recommended update of bci/dotnet-sdk Message-ID: <20220505072154.7EAF9F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:867-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-23.43 , bci/dotnet-sdk:5.0.16 , bci/dotnet-sdk:5.0.16-23.43 Container Release : 23.43 Severity : moderate Type : recommended References : 1191157 1193489 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - libldap-data-2.4.46-150200.14.5.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Thu May 5 07:23:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:23:54 +0200 (CEST) Subject: SUSE-CU-2022:868-1: Recommended update of bci/dotnet-sdk Message-ID: <20220505072354.4A90BF7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:868-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-15.5 , bci/dotnet-sdk:6.0.4 , bci/dotnet-sdk:6.0.4-15.5 , bci/dotnet-sdk:latest Container Release : 15.5 Severity : moderate Type : recommended References : 1191157 1193489 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - libldap-data-2.4.46-150200.14.5.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Thu May 5 07:25:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:25:45 +0200 (CEST) Subject: SUSE-CU-2022:869-1: Recommended update of bci/dotnet-runtime Message-ID: <20220505072545.AE369F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:869-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-27.5 , bci/dotnet-runtime:3.1.24 , bci/dotnet-runtime:3.1.24-27.5 Container Release : 27.5 Severity : moderate Type : recommended References : 1191157 1193489 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - libldap-data-2.4.46-150200.14.5.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Thu May 5 07:30:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:30:17 +0200 (CEST) Subject: SUSE-CU-2022:870-1: Recommended update of suse/sle15 Message-ID: <20220505073017.B79CCF7B4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:870-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.25.2 , suse/sle15:15.4 , suse/sle15:15.4.25.2 Container Release : 25.2 Severity : moderate Type : recommended References : 1193489 1195628 1196107 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - bash-sh-4.4-150400.25.17 updated - bash-4.4-150400.25.17 updated - coreutils-8.32-150400.7.3 updated - cpio-2.13-150400.1.91 updated - crypto-policies-20210917.c9d86d1-150400.1.5 updated - krb5-1.19.2-150400.1.7 updated - libaudit1-3.0.6-150400.2.6 updated - libaugeas0-1.12.0-150400.1.3 updated - libblkid1-2.37.2-150400.6.19 updated - libbz2-1-1.0.8-150400.1.114 updated - libcap2-2.63-150400.1.5 updated - libcom_err2-1.46.4-150400.1.74 updated - libcurl4-7.79.1-150400.2.2 updated - libdw1-0.185-150400.3.29 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.33 updated - libelf1-0.185-150400.3.29 updated - libfdisk1-2.37.2-150400.6.19 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libgcrypt20-hmac-1.9.4-150400.4.4 updated - libgcrypt20-1.9.4-150400.4.4 updated - libglib-2_0-0-2.70.4-150400.1.2 updated - libgpg-error0-1.42-150400.1.99 updated - libgpgme11-1.16.0-150400.1.78 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - liblz4-1-1.9.3-150400.1.5 updated - libmount1-2.37.2-150400.6.19 updated - libopenssl1_1-hmac-1.1.1l-150400.5.7 updated - libopenssl1_1-1.1.1l-150400.5.7 updated - libp11-kit0-0.23.22-150400.1.8 updated - libproxy1-0.4.17-150400.1.5 updated - libreadline7-7.0-150400.25.17 updated - libselinux1-3.1-150400.1.62 updated - libsemanage1-3.1-150400.1.59 updated - libsepol1-3.1-150400.1.63 updated - libsigc-2_0-0-2.10.7-150400.1.5 updated - libsmartcols1-2.37.2-150400.6.19 updated - libsolv-tools-0.7.22-150400.1.2 updated - libssh-config-0.9.6-150400.1.3 updated - libssh4-0.9.6-150400.1.3 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libsystemd0-249.11-150400.6.2 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libudev1-249.11-150400.6.2 updated - libusb-1_0-0-1.0.24-150400.1.2 updated - libuuid1-2.37.2-150400.6.19 updated - libxml2-2-2.9.12-150400.3.2 updated - libyaml-cpp0_6-0.6.3-150400.2.2 updated - libzstd1-1.5.0-150400.1.65 updated - libzypp-17.30.0-150400.1.3 updated - login_defs-4.8.1-150400.8.50 updated - openssl-1_1-1.1.1l-150400.5.7 updated - p11-kit-tools-0.23.22-150400.1.8 updated - p11-kit-0.23.22-150400.1.8 updated - patterns-base-fips-20200124-150400.18.2 updated - perl-base-5.26.1-150300.17.3.1 updated - permissions-20201225-150400.3.2 updated - rpm-config-SUSE-1-150400.12.34 updated - shadow-4.8.1-150400.8.50 updated - sles-release-15.4-150400.52.4 updated - system-group-hardware-20170617-150400.22.26 updated - sysuser-shadow-3.1-150400.1.28 updated - util-linux-2.37.2-150400.6.19 updated - zypper-1.14.52-150400.1.6 updated From sle-updates at lists.suse.com Thu May 5 07:32:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:32:23 +0200 (CEST) Subject: SUSE-RU-2022:1405-1: moderate: Recommended update for autofs Message-ID: <20220505073223.E1E1EF7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1405-1 Rating: moderate References: #1181715 #1195697 #1196485 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for autofs fixes the following issues: - Fix problem with quote handling (bsc#1181715) - Fix locking problem that causes deadlock when sss is used (bsc#1196485) - Suppress portmap calls when port explicitly given (bsc#1195697) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1405=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1405=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1405=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1405=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): autofs-5.1.3-150000.7.11.1 autofs-debuginfo-5.1.3-150000.7.11.1 autofs-debugsource-5.1.3-150000.7.11.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): autofs-5.1.3-150000.7.11.1 autofs-debuginfo-5.1.3-150000.7.11.1 autofs-debugsource-5.1.3-150000.7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): autofs-5.1.3-150000.7.11.1 autofs-debuginfo-5.1.3-150000.7.11.1 autofs-debugsource-5.1.3-150000.7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): autofs-5.1.3-150000.7.11.1 autofs-debuginfo-5.1.3-150000.7.11.1 autofs-debugsource-5.1.3-150000.7.11.1 References: https://bugzilla.suse.com/1181715 https://bugzilla.suse.com/1195697 https://bugzilla.suse.com/1196485 From sle-updates at lists.suse.com Thu May 5 07:32:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:32:27 +0200 (CEST) Subject: SUSE-CU-2022:871-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20220505073227.3C7E9F7B4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:871-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.0-public-beta , suse/manager/4.3/proxy-httpd:4.3.0-public-beta.2.23 , suse/manager/4.3/proxy-httpd:beta , suse/manager/4.3/proxy-httpd:latest Container Release : 2.23 Severity : important Type : security References : 1153625 1191157 1194883 1195251 1195258 1195628 1196093 1196107 1196332 1196647 1197004 1197024 1197459 1198062 1198237 CVE-2018-25032 CVE-2021-22570 CVE-2022-1271 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2993-1 Released: Mon Nov 18 11:52:23 2019 Summary: Recommended update for tftp Type: recommended Severity: moderate References: 1153625 This update for tftp fixes the following issues: - Add tftp.socket requirement to the service unit section. (bsc#1153625) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1204-1 Released: Thu Apr 14 12:15:55 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) The following package changes have been done: - spacewalk-proxy-html-4.3.2-150400.1.4 added - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libudev1-249.11-150400.5.4 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libyaml-cpp0_6-0.6.3-150400.2.1 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - libgpgme11-1.16.0-150400.1.73 updated - pam-1.3.0-150000.6.55.3 updated - libsolv-tools-0.7.22-150400.1.1 updated - shadow-4.8.1-150400.8.42 updated - libzypp-17.30.0-150400.1.1 updated - sysuser-shadow-3.1-150400.1.19 updated - zypper-1.14.52-150400.1.3 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - openssl-1_1-1.1.1l-150400.4.7 updated - bzip2-1.0.8-150400.1.114 updated - curl-7.79.1-150400.2.2 updated - kbd-legacy-2.4.0-150400.3.2 updated - libapparmor1-3.0.4-150400.3.1 updated - libatomic1-11.2.1+git610-150000.1.6.6 updated - libctf-nobfd0-2.37-150100.7.29.1 updated - libdbus-1-3-1.12.2-150400.16.50 updated - libdevmapper1_03-1.02.163-150400.15.85 updated - libexpat1-2.4.4-150400.2.17 updated - libgmodule-2_0-0-2.70.4-150400.1.2 updated - libgobject-2_0-0-2.70.4-150400.1.2 updated - libgomp1-11.2.1+git610-150000.1.6.6 updated - libitm1-11.2.1+git610-150000.1.6.6 updated - liblsan0-11.2.1+git610-150000.1.6.6 updated - libseccomp2-2.5.3-150400.2.2 updated - libtsan0-11.2.1+git610-150000.1.6.6 updated - libwrap0-7.6-1.433 added - linux-glibc-devel-5.14-150400.4.37 updated - openssl-1.1.1l-150400.1.3 updated - python-rpm-macros-20220106.80d3756-150400.1.37 updated - selinux-tools-3.1-150400.1.62 updated - sudo-1.9.9-150400.2.3 updated - system-user-wwwrun-20170617-150400.22.26 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - xz-5.2.3-150000.4.7.1 updated - kbd-2.4.0-150400.3.2 updated - libgudev-1_0-0-237-150400.1.3 updated - libcryptsetup12-2.4.3-150400.1.98 updated - libcryptsetup12-hmac-2.4.3-150400.1.98 updated - shared-mime-info-2.1-150400.3.3 updated - uyuni-base-common-4.3.2-150400.1.13 updated - libctf0-2.37-150100.7.29.1 updated - binutils-2.37-150100.7.29.1 updated - dbus-1-1.12.2-150400.16.50 updated - tar-1.34-150400.1.4 updated - python3-uyuni-common-libs-4.3.4-150400.1.8 updated - python3-ordered-set-4.0.2-150400.1.2 updated - hwdata-0.357-150000.3.42.1 updated - apache2-utils-2.4.51-150400.4.3 updated - susemanager-build-keys-15.3.5-150400.1.2 updated - policycoreutils-3.1-150400.1.3 updated - systemd-249.11-150400.6.3 updated - gio-branding-SLE-15-150400.25.5 updated - libgio-2_0-0-2.70.4-150400.1.2 updated - glib2-tools-2.70.4-150400.1.2 updated - python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.1.30 updated - susemanager-build-keys-web-15.3.5-150400.1.2 updated - tftp-5.2-5.3.1 added - logrotate-3.18.1-150400.1.6 updated - girepository-1_0-1.70.0-150400.2.7 updated - libgirepository-1_0-1-1.70.0-150400.2.7 updated - python3-setuptools-44.1.1-150400.1.2 updated - apache2-2.4.51-150400.4.3 updated - apache2-prefork-2.4.51-150400.4.3 updated - python3-gobject-3.42.0-150400.1.44 updated - spacewalk-base-minimal-4.3.12-150400.1.11 updated - apache2-mod_wsgi-4.7.1-150400.1.48 updated - spacewalk-ssl-cert-check-4.3.2-150400.1.15 updated - python3-pyOpenSSL-20.0.1-150400.1.2 updated - spacewalk-base-minimal-config-4.3.12-150400.1.11 updated - python3-rhnlib-4.3.4-150400.1.7 updated - spacewalk-backend-4.3.10-150400.1.26 updated - python3-libxml2-2.9.12-150400.3.2 updated - python3-dmidecode-3.12.2-150400.12.2 updated - python3-spacewalk-client-tools-4.3.9-150400.1.31 updated - spacewalk-client-tools-4.3.9-150400.1.31 updated - python3-spacewalk-certs-tools-4.3.11-150400.1.7 updated - spacewalk-certs-tools-4.3.11-150400.1.7 updated - mgr-push-4.3.4-150400.1.16 updated - python3-mgr-push-4.3.4-150400.1.16 updated - spacewalk-proxy-package-manager-4.3.8-150400.1.11 updated - spacewalk-proxy-common-4.3.8-150400.1.11 updated - spacewalk-proxy-broker-4.3.8-150400.1.11 updated - susemanager-tftpsync-recv-4.3.6-150400.1.3 added - spacewalk-proxy-redirect-4.3.8-150400.1.11 updated - less-590-150400.1.45 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Thu May 5 07:32:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:32:42 +0200 (CEST) Subject: SUSE-CU-2022:872-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20220505073242.87881F7B4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:872-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.0-public-beta , suse/manager/4.3/proxy-salt-broker:4.3.0-public-beta.2.27 , suse/manager/4.3/proxy-salt-broker:beta , suse/manager/4.3/proxy-salt-broker:latest Container Release : 2.27 Severity : important Type : security References : 1191157 1194883 1195258 1196093 1196275 1196406 1196647 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2021-22570 CVE-2022-1271 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libudev1-249.11-150400.5.4 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libyaml-cpp0_6-0.6.3-150400.2.1 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - libgpgme11-1.16.0-150400.1.73 updated - pam-1.3.0-150000.6.55.3 updated - libsolv-tools-0.7.22-150400.1.1 updated - shadow-4.8.1-150400.8.42 updated - libzypp-17.30.0-150400.1.1 updated - sysuser-shadow-3.1-150400.1.19 updated - zypper-1.14.52-150400.1.3 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - openssl-1_1-1.1.1l-150400.4.7 updated - libexpat1-2.4.4-150400.2.17 updated - libpgm-5_2-0-5.2.122-150400.15.4 updated From sle-updates at lists.suse.com Thu May 5 07:32:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:32:57 +0200 (CEST) Subject: SUSE-CU-2022:873-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20220505073257.22B7CF7B4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:873-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.0-public-beta , suse/manager/4.3/proxy-squid:4.3.0-public-beta.2.14 , suse/manager/4.3/proxy-squid:beta , suse/manager/4.3/proxy-squid:latest Container Release : 2.14 Severity : important Type : security References : 1191157 1194883 1196093 1196275 1196406 1196647 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libexpat1-2.4.4-150400.2.17 updated - libnettle8-3.7.3-150400.2.19 updated - libtdb1-1.4.4-150400.1.7 updated - squid-5.4.1-150400.1.13 updated From sle-updates at lists.suse.com Thu May 5 07:33:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:33:11 +0200 (CEST) Subject: SUSE-CU-2022:874-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20220505073311.B5B30F7B4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:874-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.0-public-beta , suse/manager/4.3/proxy-ssh:4.3.0-public-beta.2.16 , suse/manager/4.3/proxy-ssh:beta , suse/manager/4.3/proxy-ssh:latest Container Release : 2.16 Severity : important Type : security References : 1191157 1194883 1196093 1196275 1196406 1196647 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libudev1-249.11-150400.5.4 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libexpat1-2.4.4-150400.2.17 updated From sle-updates at lists.suse.com Thu May 5 07:33:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 09:33:26 +0200 (CEST) Subject: SUSE-CU-2022:875-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20220505073326.F0B71F7B4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:875-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.0-public-beta , suse/manager/4.3/proxy-tftpd:4.3.0-public-beta.2.16 , suse/manager/4.3/proxy-tftpd:beta , suse/manager/4.3/proxy-tftpd:latest Container Release : 2.16 Severity : important Type : security References : 1002895 1082318 1102408 1105435 1107105 1114407 1119687 1124223 1125410 1126377 1130325 1130326 1131060 1131686 1138666 1138715 1138746 1150137 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1164719 1167732 1172091 1172115 1172234 1172236 1172240 1173641 1174673 1176389 1177120 1177127 1177864 1178168 1179805 1180125 1182066 1182421 1182422 1183374 1183858 1184505 1185588 1186642 1186819 1187045 1187338 1187668 1189241 1189287 1189659 1190566 1190858 1191157 1192249 1193179 1194883 1196093 1196275 1196406 1196647 1197004 1197024 1197459 1198062 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2018-1000654 CVE-2018-20346 CVE-2018-25032 CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-3880 CVE-2019-9936 CVE-2019-9937 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-25659 CVE-2020-26137 CVE-2020-29651 CVE-2020-36242 CVE-2020-9327 CVE-2021-33503 CVE-2021-3426 CVE-2021-3572 CVE-2021-3733 CVE-2021-3737 CVE-2022-1271 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:788-1 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1119687,CVE-2018-20346 This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1040-1 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Type: security Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1127-1 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1372-1 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1105435,CVE-2018-1000654 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2533-1 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1150137,CVE-2019-16168 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1037-1 Released: Mon Apr 20 10:49:39 2020 Summary: Recommended update for python-pytest Type: recommended Severity: low References: 1002895,1107105,1138666,1167732 This update fixes the following issues: New python-pytest versions are provided. In Basesystem: - python3-pexpect: updated to 4.8.0 - python3-py: updated to 1.8.1 - python3-zipp: shipped as dependency in version 0.6.0 In Python2: - python2-pexpect: updated to 4.8.0 - python2-py: updated to 1.8.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3592-1 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1178168,CVE-2020-25659 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:594-1 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1859-1 Released: Fri Jun 4 09:02:38 2021 Summary: Security update for python-py Type: security Severity: moderate References: 1179805,1184505,CVE-2020-29651 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2012-1 Released: Fri Jun 18 09:15:13 2021 Summary: Security update for python-urllib3 Type: security Severity: important References: 1187045,CVE-2021-33503 This update for python-urllib3 fixes the following issues: - CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2096-1 Released: Mon Jun 21 13:35:38 2021 Summary: Recommended update for python-six Type: recommended Severity: moderate References: 1186642 This update for python-six fixes the following issue: - python-six had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2817-1 Released: Mon Aug 23 15:05:36 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Type: security Severity: moderate References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2997-1 Released: Thu Sep 9 14:37:34 2021 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1187338,1189659 This update for python3 fixes the following issues: - Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:48-1 Released: Tue Jan 11 09:17:57 2022 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1190566,1192249,1193179 This update for python3 fixes the following issues: - Don't use OpenSSL 1.1 on platforms which don't have it. - Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249). - Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566) - Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:47:43 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:942-1 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - libsqlite3-0-3.36.0-3.12.1 added - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libtasn1-6-4.13-4.5.1 added - libtasn1-4.13-4.5.1 added - crypto-policies-20210917.c9d86d1-150400.1.4 added - openssl-1_1-1.1.1l-150400.4.7 added - p11-kit-0.23.22-150400.1.7 added - p11-kit-tools-0.23.22-150400.1.7 added - ca-certificates-2+git20210309.21162a6-2.1 added - ca-certificates-mozilla-2.44-21.1 added - libexpat1-2.4.4-150400.2.17 updated - libpython3_6m1_0-3.6.15-150300.10.21.1 added - python3-base-3.6.15-150300.10.21.1 added - python3-3.6.15-150300.10.21.1 added - python3-six-1.14.0-12.1 added - python3-pyparsing-2.4.7-1.24 added - python3-pycparser-2.17-3.2.1 added - python3-pyasn1-0.4.2-3.2.1 added - python3-py-1.8.1-5.6.1 added - python3-ordered-set-4.0.2-150400.1.2 added - python3-idna-2.6-1.20 added - python3-fbtftp-0.5-150400.1.3 added - python3-chardet-3.0.4-3.23 added - python3-certifi-2018.1.18-1.18 added - python3-asn1crypto-0.24.0-3.2.1 added - python3-appdirs-1.4.3-1.21 added - python3-PyYAML-5.4.1-1.1 added - python3-packaging-20.3-1.9 added - python3-cffi-1.13.2-3.2.5 added - python3-setuptools-44.1.1-150400.1.2 added - python3-cryptography-2.8-10.1 added - python3-pyOpenSSL-20.0.1-150400.1.2 added - python3-urllib3-1.25.10-4.3.1 added - python3-requests-2.24.0-1.24 added - dbus-1-1.12.2-150400.16.39 removed - kbd-2.4.0-150400.3.1 removed - kbd-legacy-2.4.0-150400.3.1 removed - libapparmor1-3.0.4-150400.1.1 removed - libargon2-1-0.0+git20171227.670229c-2.14 removed - libcryptsetup12-2.4.3-150400.1.55 removed - libcryptsetup12-hmac-2.4.3-150400.1.55 removed - libdbus-1-3-1.12.2-150400.16.39 removed - libdevmapper1_03-1.02.163-150400.15.38 removed - libip4tc2-1.8.7-1.1 removed - libjson-c3-0.13-3.3.1 removed - libkmod2-29-4.15.1 removed - libseccomp2-2.5.3-150400.2.1 removed - libudev1-249.11-150400.1.8 removed - libwrap0-7.6-1.433 removed - netcfg-11.6-3.3.1 removed - pam-config-1.1-3.3.1 removed - pkg-config-0.29.2-1.436 removed - systemd-249.11-150400.2.2 removed - systemd-default-settings-0.7-3.2.1 removed - systemd-default-settings-branding-SLE-0.7-3.2.1 removed - systemd-presets-branding-SLE-15.1-20.8.1 removed - systemd-presets-common-SUSE-15-8.9.1 removed - tftp-5.2-5.3.1 removed From sle-updates at lists.suse.com Thu May 5 13:22:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 15:22:57 +0200 (CEST) Subject: SUSE-SU-2022:1545-1: important: Security Beta update for SUSE Manager Client Tools Message-ID: <20220505132257.52998FBAA@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1545-1 Rating: important References: #1181400 #1196338 #1196704 #1197042 #1197417 #1197533 #1197579 #1197637 #1197689 SLE-24077 SLE-24145 Cross-References: CVE-2022-21698 CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that solves 5 vulnerabilities, contains two features and has four fixes is now available. Description: This update fixes the following issues: golang-github-prometheus-alertmanager: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077) - Update to version 0.23.0: * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Added hardening to systemd service(s) (bsc#1181400). golang-github-prometheus-prometheus: - Build firewalld-prometheus-config only for SUSE Linux Enterprise 15, 15.1 and 15.2, and require firewalld for it - Firewalld-prometheus-config needs to be a Recommends, not a Requires, as prometheus does not require it to run - Create firewalld-prometheus-config subpackage (bsc#1197042) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. * Update vendor tarball with prometheus/client_golang 1.12.1 (bsc#1196338) mgr-cfg: - Version 4.3.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579) mgr-osad: - Version 4.3.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.3.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-virtualization: - Version 4.3.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 rhnlib: - Version 4.3.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 salt: - Prevent data pollution between actions proceesed at the same time (bsc#1197637) - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning (bsc#1197637) - Fix multiple security issues for salt (bsc#1197417): * CVE-2022-22935: Sign authentication replies to prevent MiTM. * CVE-2022-22934: Sign pillar data to prevent MiTM attacks. * CVE-2022-22936: Prevent job and fileserver replays. * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. spacecmd: - Version 4.3.10-1 * parse boolean parameters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port spacewalk-client-tools: - Version 4.3.9-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-koan: - Version 4.3.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-oscap: - Version 4.3.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 suseRegisterInfo: - Version 4.3.3-1 * Fix the condition for preventing building python 2 subpackage for SLE15 uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) uyuni-proxy-systemd-services: - Version 4.3.2-1 * Harmonize systemd services names and container names * Adapted to work on Enterprise Linux. * Add package to SLE and Client tools (jsc#SLE-24145) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2022-1545=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): firewalld-prometheus-config-0.1-159000.6.30.4 golang-github-prometheus-alertmanager-0.23.0-159000.6.9.3 golang-github-prometheus-prometheus-2.32.1-159000.6.30.4 python3-salt-3004-159000.8.56.1 python3-uyuni-common-libs-4.3.4-159000.3.30.2 salt-3004-159000.8.56.1 salt-api-3004-159000.8.56.1 salt-cloud-3004-159000.8.56.1 salt-doc-3004-159000.8.56.1 salt-master-3004-159000.8.56.1 salt-minion-3004-159000.8.56.1 salt-proxy-3004-159000.8.56.1 salt-ssh-3004-159000.8.56.1 salt-standalone-formulas-configuration-3004-159000.8.56.1 salt-syndic-3004-159000.8.56.1 salt-transactional-update-3004-159000.8.56.1 - SUSE Manager Tools 15-BETA (noarch): mgr-cfg-4.3.6-159000.4.26.1 mgr-cfg-actions-4.3.6-159000.4.26.1 mgr-cfg-client-4.3.6-159000.4.26.1 mgr-cfg-management-4.3.6-159000.4.26.1 mgr-osad-4.3.6-159000.4.27.2 mgr-push-4.3.4-159000.4.18.2 mgr-virtualization-host-4.3.5-159000.4.18.2 python3-mgr-cfg-4.3.6-159000.4.26.1 python3-mgr-cfg-actions-4.3.6-159000.4.26.1 python3-mgr-cfg-client-4.3.6-159000.4.26.1 python3-mgr-cfg-management-4.3.6-159000.4.26.1 python3-mgr-osa-common-4.3.6-159000.4.27.2 python3-mgr-osad-4.3.6-159000.4.27.2 python3-mgr-push-4.3.4-159000.4.18.2 python3-mgr-virtualization-common-4.3.5-159000.4.18.2 python3-mgr-virtualization-host-4.3.5-159000.4.18.2 python3-rhnlib-4.3.4-159000.6.27.2 python3-spacewalk-check-4.3.9-159000.6.45.2 python3-spacewalk-client-setup-4.3.9-159000.6.45.2 python3-spacewalk-client-tools-4.3.9-159000.6.45.2 python3-spacewalk-koan-4.3.5-159000.6.18.1 python3-spacewalk-oscap-4.3.5-159000.6.18.2 python3-suseRegisterInfo-4.3.3-159000.6.21.2 salt-bash-completion-3004-159000.8.56.1 salt-fish-completion-3004-159000.8.56.1 salt-zsh-completion-3004-159000.8.56.1 spacecmd-4.3.10-159000.6.39.2 spacewalk-check-4.3.9-159000.6.45.2 spacewalk-client-setup-4.3.9-159000.6.45.2 spacewalk-client-tools-4.3.9-159000.6.45.2 spacewalk-koan-4.3.5-159000.6.18.1 spacewalk-oscap-4.3.5-159000.6.18.2 suseRegisterInfo-4.3.3-159000.6.21.2 uyuni-proxy-systemd-services-4.3.2-159000.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1197042 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197579 https://bugzilla.suse.com/1197637 https://bugzilla.suse.com/1197689 From sle-updates at lists.suse.com Thu May 5 13:24:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 15:24:15 +0200 (CEST) Subject: SUSE-RU-2022:1544-1: moderate: Recommended update for dracut Message-ID: <20220505132415.DD321FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1544-1 Rating: moderate References: #1195011 #1195508 #1197967 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) - fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) - fix(dracut-functions.sh): ip route parsing (bsc#1195011) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1544=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1544=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1544=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1544=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1544=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debuginfo-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debugsource-049.1+suse.234.g902e489c-150200.3.57.1 dracut-extra-049.1+suse.234.g902e489c-150200.3.57.1 dracut-fips-049.1+suse.234.g902e489c-150200.3.57.1 dracut-ima-049.1+suse.234.g902e489c-150200.3.57.1 dracut-tools-049.1+suse.234.g902e489c-150200.3.57.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): dracut-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debuginfo-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debugsource-049.1+suse.234.g902e489c-150200.3.57.1 dracut-fips-049.1+suse.234.g902e489c-150200.3.57.1 dracut-ima-049.1+suse.234.g902e489c-150200.3.57.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debuginfo-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debugsource-049.1+suse.234.g902e489c-150200.3.57.1 dracut-fips-049.1+suse.234.g902e489c-150200.3.57.1 dracut-ima-049.1+suse.234.g902e489c-150200.3.57.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dracut-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debuginfo-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debugsource-049.1+suse.234.g902e489c-150200.3.57.1 dracut-fips-049.1+suse.234.g902e489c-150200.3.57.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dracut-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debuginfo-049.1+suse.234.g902e489c-150200.3.57.1 dracut-debugsource-049.1+suse.234.g902e489c-150200.3.57.1 dracut-fips-049.1+suse.234.g902e489c-150200.3.57.1 References: https://bugzilla.suse.com/1195011 https://bugzilla.suse.com/1195508 https://bugzilla.suse.com/1197967 From sle-updates at lists.suse.com Thu May 5 13:25:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 15:25:10 +0200 (CEST) Subject: SUSE-RU-2022:1543-1: Recommended update for SDL, libbluray and libva Message-ID: <20220505132510.E1D61FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SDL, libbluray and libva ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1543-1 Rating: low References: #1198925 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SDL, libbluray and libva fixes the following issue: - 32bit base libraries are shipped to meet dependencies of the ffmpeg 32bit libraries (bsc#1198925). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1543=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1543=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1543=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1543=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1543=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1543=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1543=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1543=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1543=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1543=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1543=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1543=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1543=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1543=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1543=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1543=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1543=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1543=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1543=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1543=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1543=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray-tools-1.0.2-150000.4.2.1 libbluray-tools-debuginfo-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - openSUSE Leap 15.4 (noarch): libbluray-bdj-1.0.2-150000.4.2.1 - openSUSE Leap 15.4 (x86_64): libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Manager Proxy 4.1 (x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 libva-debugsource-2.0.0-150000.4.2.1 libva-devel-2.0.0-150000.4.2.1 libva-drm2-2.0.0-150000.4.2.1 libva-drm2-debuginfo-2.0.0-150000.4.2.1 libva-x11-2-2.0.0-150000.4.2.1 libva-x11-2-debuginfo-2.0.0-150000.4.2.1 libva2-2.0.0-150000.4.2.1 libva2-debuginfo-2.0.0-150000.4.2.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 libva2-32bit-2.0.0-150000.4.2.1 libva2-32bit-debuginfo-2.0.0-150000.4.2.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 libva-debugsource-2.0.0-150000.4.2.1 libva-devel-2.0.0-150000.4.2.1 libva-drm2-2.0.0-150000.4.2.1 libva-drm2-debuginfo-2.0.0-150000.4.2.1 libva-x11-2-2.0.0-150000.4.2.1 libva-x11-2-debuginfo-2.0.0-150000.4.2.1 libva2-2.0.0-150000.4.2.1 libva2-debuginfo-2.0.0-150000.4.2.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 libva-debugsource-2.0.0-150000.4.2.1 libva-devel-2.0.0-150000.4.2.1 libva-drm2-2.0.0-150000.4.2.1 libva-drm2-debuginfo-2.0.0-150000.4.2.1 libva-x11-2-2.0.0-150000.4.2.1 libva-x11-2-debuginfo-2.0.0-150000.4.2.1 libva2-2.0.0-150000.4.2.1 libva2-debuginfo-2.0.0-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 libva2-32bit-2.0.0-150000.4.2.1 libva2-32bit-debuginfo-2.0.0-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 libva-debugsource-2.0.0-150000.4.2.1 libva-devel-2.0.0-150000.4.2.1 libva-drm2-2.0.0-150000.4.2.1 libva-drm2-debuginfo-2.0.0-150000.4.2.1 libva-x11-2-2.0.0-150000.4.2.1 libva-x11-2-debuginfo-2.0.0-150000.4.2.1 libva2-2.0.0-150000.4.2.1 libva2-debuginfo-2.0.0-150000.4.2.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 libva2-32bit-2.0.0-150000.4.2.1 libva2-32bit-debuginfo-2.0.0-150000.4.2.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 - SUSE Enterprise Storage 6 (x86_64): libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 - SUSE CaaS Platform 4.0 (x86_64): SDL2-debugsource-2.0.8-150000.3.23.1 libSDL2-2_0-0-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-2.0.8-150000.3.23.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150000.3.23.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.23.1 libSDL2-devel-2.0.8-150000.3.23.1 libbluray-debugsource-1.0.2-150000.4.2.1 libbluray-devel-1.0.2-150000.4.2.1 libbluray2-1.0.2-150000.4.2.1 libbluray2-32bit-1.0.2-150000.4.2.1 libbluray2-32bit-debuginfo-1.0.2-150000.4.2.1 libbluray2-debuginfo-1.0.2-150000.4.2.1 References: https://bugzilla.suse.com/1198925 From sle-updates at lists.suse.com Thu May 5 19:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 21:16:06 +0200 (CEST) Subject: SUSE-SU-2022:1546-1: moderate: Security update for python-Twisted Message-ID: <20220505191606.5A5C9FDFC@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1546-1 Rating: moderate References: #1198086 Cross-References: CVE-2022-24801 CVSS scores: CVE-2022-24801 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24801 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP request smuggling. (bsc#1198086) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1546=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1546=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1546=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1546=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-1546=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1546=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Twisted-15.2.1-9.14.1 python-Twisted-debuginfo-15.2.1-9.14.1 python-Twisted-debugsource-15.2.1-9.14.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Twisted-15.2.1-9.14.1 python-Twisted-debuginfo-15.2.1-9.14.1 python-Twisted-debugsource-15.2.1-9.14.1 - SUSE OpenStack Cloud 9 (x86_64): python-Twisted-15.2.1-9.14.1 python-Twisted-debuginfo-15.2.1-9.14.1 python-Twisted-debugsource-15.2.1-9.14.1 - SUSE OpenStack Cloud 8 (x86_64): python-Twisted-15.2.1-9.14.1 python-Twisted-debuginfo-15.2.1-9.14.1 python-Twisted-debugsource-15.2.1-9.14.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-9.14.1 python-Twisted-debuginfo-15.2.1-9.14.1 python-Twisted-debugsource-15.2.1-9.14.1 - HPE Helion Openstack 8 (x86_64): python-Twisted-15.2.1-9.14.1 python-Twisted-debuginfo-15.2.1-9.14.1 python-Twisted-debugsource-15.2.1-9.14.1 References: https://www.suse.com/security/cve/CVE-2022-24801.html https://bugzilla.suse.com/1198086 From sle-updates at lists.suse.com Thu May 5 19:16:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 21:16:42 +0200 (CEST) Subject: SUSE-SU-2022:1549-1: moderate: Security update for libvirt Message-ID: <20220505191642.A139BFDFC@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1549-1 Rating: moderate References: #1193364 #1196625 #1197636 Cross-References: CVE-2022-0897 CVSS scores: CVE-2022-0897 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-0897 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636). The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 - qemu: Directly query KVM for TSC scaling support 5df2c492-use-kvm-for-tsc-scaling.patch bsc#1193364 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1549=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1549=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1549=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1549=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1549=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1549=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1549=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libvirt-admin-7.1.0-150300.6.29.1 libvirt-admin-debuginfo-7.1.0-150300.6.29.1 - openSUSE Leap 15.4 (noarch): libvirt-bash-completion-7.1.0-150300.6.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libvirt-7.1.0-150300.6.29.1 libvirt-admin-7.1.0-150300.6.29.1 libvirt-admin-debuginfo-7.1.0-150300.6.29.1 libvirt-client-7.1.0-150300.6.29.1 libvirt-client-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-7.1.0-150300.6.29.1 libvirt-daemon-config-network-7.1.0-150300.6.29.1 libvirt-daemon-config-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-lxc-7.1.0-150300.6.29.1 libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-gluster-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-gluster-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-hooks-7.1.0-150300.6.29.1 libvirt-daemon-lxc-7.1.0-150300.6.29.1 libvirt-daemon-qemu-7.1.0-150300.6.29.1 libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-devel-7.1.0-150300.6.29.1 libvirt-libs-7.1.0-150300.6.29.1 libvirt-libs-debuginfo-7.1.0-150300.6.29.1 libvirt-lock-sanlock-7.1.0-150300.6.29.1 libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.29.1 libvirt-nss-7.1.0-150300.6.29.1 libvirt-nss-debuginfo-7.1.0-150300.6.29.1 wireshark-plugin-libvirt-7.1.0-150300.6.29.1 wireshark-plugin-libvirt-debuginfo-7.1.0-150300.6.29.1 - openSUSE Leap 15.3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.29.1 - openSUSE Leap 15.3 (noarch): libvirt-bash-completion-7.1.0-150300.6.29.1 libvirt-doc-7.1.0-150300.6.29.1 - openSUSE Leap 15.3 (x86_64): libvirt-client-32bit-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-libxl-7.1.0-150300.6.29.1 libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-xen-7.1.0-150300.6.29.1 libvirt-devel-32bit-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): libvirt-bash-completion-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-7.1.0-150300.6.29.1 libvirt-admin-7.1.0-150300.6.29.1 libvirt-admin-debuginfo-7.1.0-150300.6.29.1 libvirt-client-7.1.0-150300.6.29.1 libvirt-client-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-7.1.0-150300.6.29.1 libvirt-daemon-config-network-7.1.0-150300.6.29.1 libvirt-daemon-config-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-lxc-7.1.0-150300.6.29.1 libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-hooks-7.1.0-150300.6.29.1 libvirt-daemon-lxc-7.1.0-150300.6.29.1 libvirt-daemon-qemu-7.1.0-150300.6.29.1 libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-devel-7.1.0-150300.6.29.1 libvirt-lock-sanlock-7.1.0-150300.6.29.1 libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.29.1 libvirt-nss-7.1.0-150300.6.29.1 libvirt-nss-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): libvirt-bash-completion-7.1.0-150300.6.29.1 libvirt-doc-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): libvirt-daemon-driver-libxl-7.1.0-150300.6.29.1 libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-xen-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-libs-7.1.0-150300.6.29.1 libvirt-libs-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libvirt-client-7.1.0-150300.6.29.1 libvirt-client-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-7.1.0-150300.6.29.1 libvirt-daemon-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-qemu-7.1.0-150300.6.29.1 libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-libs-7.1.0-150300.6.29.1 libvirt-libs-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libvirt-daemon-7.1.0-150300.6.29.1 libvirt-daemon-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-qemu-7.1.0-150300.6.29.1 libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-libs-7.1.0-150300.6.29.1 libvirt-libs-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.29.1 References: https://www.suse.com/security/cve/CVE-2022-0897.html https://bugzilla.suse.com/1193364 https://bugzilla.suse.com/1196625 https://bugzilla.suse.com/1197636 From sle-updates at lists.suse.com Thu May 5 19:17:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2022 21:17:35 +0200 (CEST) Subject: SUSE-SU-2022:1548-1: moderate: Security update for tar Message-ID: <20220505191735.76588FDFC@maintenance.suse.de> SUSE Security Update: Security update for tar ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1548-1 Rating: moderate References: #1029961 #1120610 #1130496 #1181131 Cross-References: CVE-2018-20482 CVE-2019-9923 CVE-2021-20193 CVSS scores: CVE-2018-20482 (NVD) : 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-20482 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-9923 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-9923 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-20193 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-20193 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the "-K NAME" option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1548=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1548=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1548=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1548=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1548=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1548=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 tar-rmt-1.34-150000.3.12.1 tar-rmt-debuginfo-1.34-150000.3.12.1 tar-tests-1.34-150000.3.12.1 tar-tests-debuginfo-1.34-150000.3.12.1 - openSUSE Leap 15.3 (noarch): tar-backup-scripts-1.34-150000.3.12.1 tar-doc-1.34-150000.3.12.1 tar-lang-1.34-150000.3.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 tar-rmt-1.34-150000.3.12.1 tar-rmt-debuginfo-1.34-150000.3.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): tar-lang-1.34-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 tar-rmt-1.34-150000.3.12.1 tar-rmt-debuginfo-1.34-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tar-lang-1.34-150000.3.12.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 References: https://www.suse.com/security/cve/CVE-2018-20482.html https://www.suse.com/security/cve/CVE-2019-9923.html https://www.suse.com/security/cve/CVE-2021-20193.html https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1120610 https://bugzilla.suse.com/1130496 https://bugzilla.suse.com/1181131 From sle-updates at lists.suse.com Fri May 6 07:18:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 09:18:25 +0200 (CEST) Subject: SUSE-CU-2022:877-1: Security update of ses/7/cephcsi/cephcsi Message-ID: <20220506071825.B715BF790@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:877-1 Container Tags : ses/7/cephcsi/cephcsi:3.4.0 , ses/7/cephcsi/cephcsi:3.4.0.0.3.911 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.4.0 , ses/7/cephcsi/cephcsi:v3.4.0.0 Container Release : 3.911 Severity : important Type : security References : 1172427 1177460 1179557 1183533 1184501 1187748 1188911 1191157 1192838 1193489 1194172 1194642 1194848 1194883 1195231 1195251 1195628 1195999 1196046 1196061 1196107 1196317 1196368 1196514 1196733 1196787 1196925 1196938 1196939 1197004 1197134 1197188 1197297 1197788 1198062 1198237 CVE-2021-28153 CVE-2022-1271 ----------------------------------------------------------------- The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1145-1 Released: Mon Apr 11 14:59:54 2022 Summary: Recommended update for tcmu-runner Type: recommended Severity: moderate References: 1196787 This update for tcmu-runner fixes the following issues: - fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed. (bsc#1196787) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1424-1 Released: Wed Apr 27 09:49:39 2022 Summary: Recommended update for ceph-salt Type: recommended Severity: moderate References: 1179557,1187748,1188911,1192838,1196046,1196733,1196938,1197188 This update for ceph-salt fixes the following issues: - Update to 15.2.18+1648116143.g2de2e6c: + Add OS and Ceph version info to ceph-salt status output (#480) + ceph-salt-formula: Add hosts with admin label (#480) + Add the orchestrator _admin host label during ceph-salt update (#477, bsc#1197188) + Config the ssh key after package install/upgrade (#474, bsc#1196938) - Update to 15.2.17+1646036007.g71de5d9: + Use ipaddress module to determine loopback interfaces (#472) This update for ceph, ceph-iscsi fixes the following issues: - Update to v15.2.16-99-g96ce9b152f5 + (bsc#1196733) ceph.spec.in: remove build directory during %clean - Update to v15.2.16-97-ge5eb7a74fdf + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files + (pr#466) cephadm: infer the default container image during pull + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available - Update to v15.2.16-93-gafbeee1955c + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files - Update to v15.2.16 + rebase on top of Ceph v15.2.16 tag v15.2.16 + https://ceph.io/en/news/blog/2022/v15-2-16-octopus-released/ + (bsc#1192838) cephadm: Fix iscsi client caps (allow mgr service status calls) + (bsc#1187748) When an RBD is mapped, it is attempted to be deployed as an OSD. + (bsc#1188911) OSD marked down causes wrong backfill_toofull - Update to v15.2.16-99-g96ce9b152f5 + (bsc#1196733) ceph.spec.in: remove build directory during %clean - Update to v15.2.16-97-ge5eb7a74fdf + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files + (pr#466) cephadm: infer the default container image during pull + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available - Update to v15.2.16-93-gafbeee1955c + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files - Update to 3.5+1647618797.gb7bc626. + ceph_iscsi_config: disable emulate_legacy_capacity (bsc#1179557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1491-1 Released: Tue May 3 07:09:44 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - binutils-2.37-150100.7.29.1 updated - ceph-base-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-common-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-grafana-dashboards-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-iscsi-3.5+1647618797.gb7bc626-150200.3.9.1 updated - ceph-mds-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-cephadm-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-dashboard-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-modules-core-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-rook-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mon-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-osd-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-prometheus-alerts-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-radosgw-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - cephadm-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - device-mapper-1.02.163-8.42.1 updated - e2fsprogs-1.43.8-150000.4.29.1 updated - glib2-tools-2.62.6-150200.3.9.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libcephfs2-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libctf-nobfd0-2.37-150100.7.29.1 updated - libctf0-2.37-150100.7.29.1 updated - libdevmapper-event1_03-1.02.163-8.42.1 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libext2fs2-1.43.8-150000.4.29.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libgio-2_0-0-2.62.6-150200.3.9.1 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libgmodule-2_0-0-2.62.6-150200.3.9.1 updated - libgobject-2_0-0-2.62.6-150200.3.9.1 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - liblvm2cmd2_03-2.03.05-8.42.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - librados2-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - librbd1-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - librgw2-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libtcmu2-1.5.2-150200.2.7.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libzypp-17.30.0-150200.36.1 updated - lvm2-2.03.05-8.42.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - nfs-kernel-server-2.1.1-150100.10.24.1 updated - perl-base-5.26.1-150000.7.15.1 updated - psmisc-23.0-150000.6.22.1 updated - python3-ceph-argparse-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-ceph-common-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-cephfs-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-rados-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-rbd-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-rgw-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - rbd-mirror-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 updated - tcmu-runner-1.5.2-150200.2.7.1 updated - timezone-2022a-150000.75.7.1 updated - util-linux-2.33.2-150100.4.21.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150200.30.2 updated - container:ceph-image-1.0.0-6.231 updated From sle-updates at lists.suse.com Fri May 6 07:20:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 09:20:46 +0200 (CEST) Subject: SUSE-CU-2022:878-1: Security update of ses/7/ceph/grafana Message-ID: <20220506072046.8B816F790@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/grafana ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:878-1 Container Tags : ses/7/ceph/grafana:8.3.5 , ses/7/ceph/grafana:8.3.5.3.778 , ses/7/ceph/grafana:latest , ses/7/ceph/grafana:sle15.2.octopus Container Release : 3.778 Severity : important Type : security References : 1172427 1179557 1183533 1184501 1187748 1188911 1191157 1192838 1193489 1194642 1194848 1194873 1194883 1195628 1195726 1195727 1195728 1195999 1196046 1196061 1196107 1196317 1196368 1196514 1196733 1196925 1196938 1196939 1197004 1197134 1197188 1198062 CVE-2021-28153 CVE-2021-36222 CVE-2021-3711 CVE-2021-39226 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-1271 CVE-2022-21673 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 ----------------------------------------------------------------- The container ses/7/ceph/grafana was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:1419-1 Released: Wed Apr 27 09:20:06 2022 Summary: Feature update for grafana Type: feature Severity: moderate References: 1194873,1195726,1195727,1195728,CVE-2021-36222,CVE-2021-3711,CVE-2021-39226,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-21673,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713 This update for grafana fixes the following issues: Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23422) - Security: * CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726) * CVE-2022-21703: cross-origin request forgery vulnerability (bsc#1195727) * CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728) * CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873) * CVE-2021-43813, CVE-2021-43815, CVE-2021-41244, CVE-2021-41174, CVE-2021-43798, CVE-2021-39226. * Upgrade Docker base image to Alpine 3.14.3. * CVE-2021-3711: Docker: Force use of libcrypto1.1 and libssl1.1 versions * Update dependencies to fix CVE-2021-36222. * Upgrade Go to 1.17.2. * Fix stylesheet injection vulnerability. * Fix short URL vulnerability. - License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). - Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting. * Fix No Data behaviour in Legacy Alerting. * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: * `GET /dashboards/db/:slug` * `GET /dashboard-solo/db/:slug` * `GET /api/dashboard/db/:slug` * `DELETE /api/dashboards/db/:slug` * The default HTTP method for Prometheus data source is now POST. * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. - Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. - Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of `$__rate_interval` variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped variables. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS field. * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: error when a user created a query with a `$__interval` min step. * RowsToFields: the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during migration. * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in 'Add threshold'. * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. * BarChart: Fixes panel error that happens on second refresh. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses 'Repeat For'. * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe 'results' to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Elasticsearch: Fix metric names for alert queries. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * CloudWatch Logs: Fix crash when no region is selected. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list response. * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to 'Time' for time series queries. * Postgres: Fix the handling of a null return value in query results. * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being created. * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * Elasticsearch: Restore previous field naming strategy when using variables. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in dashboard. * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. * Alerting/SSE: Fix 'count_non_null' reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty responses. * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date fields. * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Transformations: Prevent FilterByValue transform from crashing panel edit. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes 'error while loading library panels'. * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard load. * Variables: Refreshes all panels even if panel is full screen. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are set. * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Variables: Refreshes all panels even if panel is full screen. * Alerting: Fix NoDataFound for alert rules using AND operator. - Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using `/api/v1/rules` endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with special characters. * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for `$__interval` and `$__interval_ms` inFlux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification configuration. * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series queries. * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs feature. * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Add stricter systemd unit options. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Alerting: Expand the value string in alert annotations and labels. * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager configuration. * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any 'evaluate for' value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for 'label_values(log stream selector, label)' in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Datasource: Add support for max_conns_per_host in dataproxy settings. * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure Monitor Logs. * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda at Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs navigation. * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom metrics. * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the editor. * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data source. * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars queries. * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. - Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. * Select: Select menus now properly scroll during keyboard navigation. * grafana/ui: Enable slider marks display. * Plugins: Create a mock icon component to prevent console errors. * Grafana UI: Fix TS error property css is missing in type. * Toolkit: Fix matchMedia not found error. * Toolkit: Improve error messages when tasks fail. * Toolkit: Resolve external fonts when Grafana is served from a sub path. * QueryField: Remove carriage return character from pasted text. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Other changes: * Update to Go 1.17. * Add build-time dependency on `wire`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1424-1 Released: Wed Apr 27 09:49:39 2022 Summary: Recommended update for ceph-salt Type: recommended Severity: moderate References: 1179557,1187748,1188911,1192838,1196046,1196733,1196938,1197188 This update for ceph-salt fixes the following issues: - Update to 15.2.18+1648116143.g2de2e6c: + Add OS and Ceph version info to ceph-salt status output (#480) + ceph-salt-formula: Add hosts with admin label (#480) + Add the orchestrator _admin host label during ceph-salt update (#477, bsc#1197188) + Config the ssh key after package install/upgrade (#474, bsc#1196938) - Update to 15.2.17+1646036007.g71de5d9: + Use ipaddress module to determine loopback interfaces (#472) This update for ceph, ceph-iscsi fixes the following issues: - Update to v15.2.16-99-g96ce9b152f5 + (bsc#1196733) ceph.spec.in: remove build directory during %clean - Update to v15.2.16-97-ge5eb7a74fdf + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files + (pr#466) cephadm: infer the default container image during pull + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available - Update to v15.2.16-93-gafbeee1955c + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files - Update to v15.2.16 + rebase on top of Ceph v15.2.16 tag v15.2.16 + https://ceph.io/en/news/blog/2022/v15-2-16-octopus-released/ + (bsc#1192838) cephadm: Fix iscsi client caps (allow mgr service status calls) + (bsc#1187748) When an RBD is mapped, it is attempted to be deployed as an OSD. + (bsc#1188911) OSD marked down causes wrong backfill_toofull - Update to v15.2.16-99-g96ce9b152f5 + (bsc#1196733) ceph.spec.in: remove build directory during %clean - Update to v15.2.16-97-ge5eb7a74fdf + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files + (pr#466) cephadm: infer the default container image during pull + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available - Update to v15.2.16-93-gafbeee1955c + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files - Update to 3.5+1647618797.gb7bc626. + ceph_iscsi_config: disable emulate_legacy_capacity (bsc#1179557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - ceph-grafana-dashboards-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - grafana-8.3.5-150200.3.21.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libuuid1-2.33.2-150100.4.21.1 updated - libzypp-17.30.0-150200.36.1 updated - perl-base-5.26.1-150000.7.15.1 updated - util-linux-2.33.2-150100.4.21.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-9.5.130 updated From sle-updates at lists.suse.com Fri May 6 07:25:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 09:25:55 +0200 (CEST) Subject: SUSE-CU-2022:879-1: Recommended update of ses/7/ceph/ceph Message-ID: <20220506072555.09982F790@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:879-1 Container Tags : ses/7/ceph/ceph:15.2.16.99 , ses/7/ceph/ceph:15.2.16.99.6.231 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus Container Release : 6.231 Severity : moderate Type : recommended References : 1194172 ----------------------------------------------------------------- The container ses/7/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1491-1 Released: Tue May 3 07:09:44 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172) The following package changes have been done: - psmisc-23.0-150000.6.22.1 updated - container:sles15-image-15.0.0-9.5.130 updated From sle-updates at lists.suse.com Fri May 6 07:26:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 09:26:37 +0200 (CEST) Subject: SUSE-CU-2022:880-1: Security update of ses/7.1/ceph/haproxy Message-ID: <20220506072637.E07B6F790@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/haproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:880-1 Container Tags : ses/7.1/ceph/haproxy:2.0.14 , ses/7.1/ceph/haproxy:2.0.14.3.5.1 , ses/7.1/ceph/haproxy:latest , ses/7.1/ceph/haproxy:sle15.3.pacific Container Release : 3.5.1 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1183533 1184501 1191157 1191502 1193086 1193489 1194642 1194848 1194883 1195231 1195247 1195251 1195258 1195529 1195628 1195899 1195999 1196061 1196093 1196107 1196317 1196368 1196514 1196567 1196647 1196925 1196939 1197004 1197024 1197134 1197459 1198062 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2021-22570 CVE-2021-28153 CVE-2022-1271 ----------------------------------------------------------------- The container ses/7.1/ceph/haproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libsystemd0-246.16-150300.7.42.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libudev1-246.16-150300.7.42.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150200.36.1 updated - pam-1.3.0-150000.6.55.3 updated - perl-base-5.26.1-150300.17.3.1 updated - perl-5.26.1-150300.17.3.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-246.16-150300.7.42.1 updated - udev-246.16-150300.7.42.1 updated - util-linux-2.36.2-150300.4.20.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.14.8 updated From sle-updates at lists.suse.com Fri May 6 07:28:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 09:28:51 +0200 (CEST) Subject: SUSE-CU-2022:881-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220506072851.41E00F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:881-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-15.42 , bci/dotnet-aspnet:5.0.16 , bci/dotnet-aspnet:5.0.16-15.42 Container Release : 15.42 Severity : moderate Type : recommended References : 1191157 1193489 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - libldap-data-2.4.46-150200.14.5.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri May 6 07:33:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 09:33:04 +0200 (CEST) Subject: SUSE-CU-2022:884-1: Recommended update of bci/dotnet-sdk Message-ID: <20220506073304.54A73F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:884-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-25.5 , bci/dotnet-sdk:3.1.24 , bci/dotnet-sdk:3.1.24-25.5 Container Release : 25.5 Severity : moderate Type : recommended References : 1191157 1193489 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - libldap-data-2.4.46-150200.14.5.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri May 6 07:39:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 09:39:02 +0200 (CEST) Subject: SUSE-CU-2022:888-1: Recommended update of bci/dotnet-runtime Message-ID: <20220506073902.2C524F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:888-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-22.42 , bci/dotnet-runtime:5.0.16 , bci/dotnet-runtime:5.0.16-22.42 Container Release : 22.42 Severity : moderate Type : recommended References : 1191157 1193489 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - libldap-data-2.4.46-150200.14.5.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri May 6 07:40:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 09:40:57 +0200 (CEST) Subject: SUSE-CU-2022:890-1: Recommended update of bci/dotnet-runtime Message-ID: <20220506074057.C44C9F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:890-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-16.5 , bci/dotnet-runtime:6.0.4 , bci/dotnet-runtime:6.0.4-16.5 , bci/dotnet-runtime:latest Container Release : 16.5 Severity : moderate Type : recommended References : 1191157 1193489 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - libldap-data-2.4.46-150200.14.5.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri May 6 07:45:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 09:45:00 +0200 (CEST) Subject: SUSE-CU-2022:892-1: Security update of bci/golang Message-ID: <20220506074500.21AEEF790@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:892-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-16.5 Container Release : 16.5 Severity : important Type : security References : 1181400 1198234 CVE-2022-24765 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). The following package changes have been done: - git-core-2.35.3-150300.10.12.1 updated - boost-license1_66_0-1.66.0-12.3.1 removed - gpg2-2.2.27-1.2 removed - libassuan0-2.5.1-2.14 removed - libaugeas0-1.10.1-3.9.1 removed - libboost_system1_66_0-1.66.0-12.3.1 removed - libboost_thread1_66_0-1.66.0-12.3.1 removed - libglib-2_0-0-2.62.6-150200.3.9.1 removed - libgpgme11-1.13.1-4.3.1 removed - libksba8-1.3.5-2.14 removed - libmodman1-2.0.1-1.27 removed - libnpth0-1.5-2.11 removed - libprocps7-3.3.15-7.22.1 removed - libprotobuf-lite20-3.9.2-4.12.1 removed - libproxy1-0.4.15-12.41 removed - libsigc-2_0-0-2.10.2-1.18 removed - libsolv-tools-0.7.22-150200.12.1 removed - libsqlite3-0-3.36.0-3.12.1 removed - libusb-1_0-0-1.0.21-3.3.1 removed - libyaml-cpp0_6-0.6.1-4.5.1 removed - libzypp-17.30.0-150200.36.1 removed - openssl-1_1-1.1.1d-11.43.1 removed - pinentry-1.1.0-4.3.1 removed - procps-3.3.15-7.22.1 removed - rpm-ndb-4.14.3-150300.46.1 removed - zypper-1.14.52-150200.30.2 removed From sle-updates at lists.suse.com Fri May 6 08:15:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 10:15:13 +0200 (CEST) Subject: SUSE-CU-2022:901-1: Security update of bci/python Message-ID: <20220506081513.B9BDEF790@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:901-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-15.6 Container Release : 15.6 Severity : important Type : security References : 1181400 1198234 CVE-2022-24765 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). The following package changes have been done: - git-core-2.35.3-150300.10.12.1 updated - container:sles15-image-15.0.0-17.14.7 updated From sle-updates at lists.suse.com Fri May 6 13:17:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 15:17:05 +0200 (CEST) Subject: SUSE-RU-2022:1551-1: moderate: Recommended update for go1.18 Message-ID: <20220506131705.E8D78F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1551-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for go1.18 fixes the following issues: - Remove remaining use of gold linker when bootstrapping with gccgo. * History: go1.8.3 2017-06-18 added conditional if gccgo defined BuildRequires: binutils-gold for arches other than s390x * No information available why binutils-gold was used initially * Unrelated to upstream recent hardcoded gold dependency for ARM Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1551=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1551=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1551=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1551=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.1-150000.1.14.1 go1.18-doc-1.18.1-150000.1.14.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.18-race-1.18.1-150000.1.14.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.1-150000.1.14.1 go1.18-doc-1.18.1-150000.1.14.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.18-race-1.18.1-150000.1.14.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.1-150000.1.14.1 go1.18-doc-1.18.1-150000.1.14.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.18-race-1.18.1-150000.1.14.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.1-150000.1.14.1 go1.18-doc-1.18.1-150000.1.14.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.18-race-1.18.1-150000.1.14.1 References: From sle-updates at lists.suse.com Fri May 6 14:09:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 16:09:00 +0200 (CEST) Subject: SUSE-CU-2022:906-1: Security update of ses/7.1/ceph/keepalived Message-ID: <20220506140900.CFB10F790@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/keepalived ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:906-1 Container Tags : ses/7.1/ceph/keepalived:2.0.19 , ses/7.1/ceph/keepalived:2.0.19.3.5.1 , ses/7.1/ceph/keepalived:latest , ses/7.1/ceph/keepalived:sle15.3.pacific Container Release : 3.5.1 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1183533 1184501 1191157 1191502 1193086 1193489 1194642 1194848 1194883 1195231 1195247 1195251 1195258 1195529 1195628 1195899 1195999 1196061 1196093 1196107 1196317 1196368 1196514 1196567 1196647 1196925 1196939 1196955 1197004 1197024 1197134 1197459 1198062 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2021-22570 CVE-2021-28153 CVE-2022-1271 ----------------------------------------------------------------- The container ses/7.1/ceph/keepalived was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1179-1 Released: Wed Apr 13 15:47:16 2022 Summary: Recommended update for net-snmp Type: recommended Severity: moderate References: 1196955 This update for net-snmp fixes the following issues: - Decouple snmp-mibs from net-snmp version to allow major version upgrade (bsc#1196955). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libsnmp30-5.7.3-10.12.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libsystemd0-246.16-150300.7.42.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libudev1-246.16-150300.7.42.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150200.36.1 updated - pam-1.3.0-150000.6.55.3 updated - perl-base-5.26.1-150300.17.3.1 updated - perl-5.26.1-150300.17.3.1 updated - snmp-mibs-5.7.3-10.12.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-246.16-150300.7.42.1 updated - udev-246.16-150300.7.42.1 updated - util-linux-2.36.2-150300.4.20.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.14.8 updated From sle-updates at lists.suse.com Fri May 6 14:13:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 16:13:50 +0200 (CEST) Subject: SUSE-CU-2022:907-1: Security update of bci/golang Message-ID: <20220506141350.2DFC6F790@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:907-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-16.7 Container Release : 16.7 Severity : important Type : security References : 1181400 1198234 CVE-2022-24765 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). The following package changes have been done: - git-core-2.35.3-150300.10.12.1 updated - container:sles15-image-15.0.0-17.14.8 updated From sle-updates at lists.suse.com Fri May 6 14:14:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 16:14:52 +0200 (CEST) Subject: SUSE-CU-2022:910-1: Security update of bci/bci-init Message-ID: <20220506141452.AF3BFF790@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:910-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.14.36 Container Release : 14.36 Severity : important Type : security References : 1179416 1180125 1181805 1183543 1183545 1183659 1185299 1187670 1188548 1190824 1191157 1193489 1193711 1194883 1194968 1195251 1195628 1196093 1196107 1196275 1196406 1196647 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVE-2022-1271 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - perl-base-5.26.1-150300.17.3.1 updated - libssh-config-0.9.6-150400.1.3 updated - libzstd1-1.5.0-150400.1.65 updated - libuuid1-2.37.2-150400.6.19 updated - libudev1-249.11-150400.6.4 updated - libsmartcols1-2.37.2-150400.6.19 updated - libsepol1-3.1-150400.1.63 updated - liblz4-1-1.9.3-150400.1.5 updated - libgpg-error0-1.42-150400.1.99 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.33 updated - libcom_err2-1.46.4-150400.1.74 updated - libcap2-2.63-150400.1.5 updated - libbz2-1-1.0.8-150400.1.114 updated - libblkid1-2.37.2-150400.6.19 updated - libaudit1-3.0.6-150400.2.6 updated - libgcrypt20-1.9.4-150400.4.4 updated - libgcrypt20-hmac-1.9.4-150400.4.4 updated - libfdisk1-2.37.2-150400.6.19 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libopenssl1_1-1.1.1l-150400.5.7 updated - libopenssl1_1-hmac-1.1.1l-150400.5.7 updated - libelf1-0.185-150400.3.29 updated - libselinux1-3.1-150400.1.62 updated - libxml2-2-2.9.12-150400.3.2 updated - libsystemd0-249.11-150400.6.4 updated - libreadline7-7.0-150400.25.17 updated - patterns-base-fips-20200124-150400.18.2 updated - libdw1-0.185-150400.3.29 updated - libsemanage1-3.1-150400.1.59 updated - libmount1-2.37.2-150400.6.19 updated - krb5-1.19.2-150400.1.7 updated - bash-4.4-150400.25.17 updated - bash-sh-4.4-150400.25.17 updated - libssh4-0.9.6-150400.1.3 updated - login_defs-4.8.1-150400.8.50 updated - cpio-2.13-150400.1.91 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libcurl4-7.79.1-150400.2.2 updated - coreutils-8.32-150400.7.3 updated - sles-release-15.4-150400.53.1 updated - rpm-config-SUSE-1-150400.12.34 updated - permissions-20201225-150400.3.2 updated - rpm-ndb-4.14.3-150300.46.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.50 updated - sysuser-shadow-3.1-150400.1.28 updated - system-group-hardware-20170617-150400.22.26 updated - util-linux-2.37.2-150400.6.19 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libp11-kit0-0.23.22-150400.1.8 updated - kbd-legacy-2.4.0-150400.3.2 updated - libapparmor1-3.0.4-150400.3.1 updated - libdbus-1-3-1.12.2-150400.16.50 updated - libdevmapper1_03-1.02.163-150400.15.86 updated - libexpat1-2.4.4-150400.2.17 updated - libseccomp2-2.5.3-150400.2.2 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - kbd-2.4.0-150400.3.2 updated - libcryptsetup12-2.4.3-150400.1.101 updated - libcryptsetup12-hmac-2.4.3-150400.1.101 updated - dbus-1-1.12.2-150400.16.50 updated - systemd-249.11-150400.6.4 updated - container:sles15-image-15.0.0-26.2.4 updated From sle-updates at lists.suse.com Fri May 6 15:58:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 17:58:54 +0200 (CEST) Subject: SUSE-CU-2022:916-1: Security update of trento/trento-db Message-ID: <20220506155854.DE58AF790@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:916-1 Container Tags : trento/trento-db:14.2 , trento/trento-db:14.2-rev1.0.0 , trento/trento-db:14.2-rev1.0.0-build2.2.75 , trento/trento-db:latest Container Release : 2.2.75 Severity : important Type : security References : 1172427 1177460 1182959 1190740 1191502 1193086 1194642 1194642 1194883 1195149 1195231 1195247 1195251 1195529 1195680 1195680 1195792 1195856 1195899 1196025 1196093 1196275 1196406 1196567 1196647 1196784 1196939 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 CVE-2022-25236 ----------------------------------------------------------------- The container trento/trento-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1458-1 Released: Thu Apr 28 14:13:25 2022 Summary: Recommended update for postgresql Type: recommended Severity: moderate References: 1195680 This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repitition from the spec files - Bump version to 14. (bsc#1195680) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1463-1 Released: Fri Apr 29 09:39:45 2022 Summary: Recommended update for postgresql13 Type: recommended Severity: moderate References: 1190740,1195680 This update for postgresql13 fixes the following issues: - Upgrade to 14.2: (bsc#1195680) * https://www.postgresql.org/docs/14/release-14-2.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libudev1-246.16-150300.7.42.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - glibc-locale-base-2.31-150300.20.7 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libexpat1-2.2.5-3.19.1 updated - libpq5-14.2-5.9.2 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - timezone-2022a-150000.75.7.1 updated - glibc-locale-2.31-150300.20.7 updated - postgresql-14-150300.10.9.12 updated - postgresql14-14.2-5.9.2 updated - systemd-246.16-150300.7.42.1 updated - udev-246.16-150300.7.42.1 updated - postgresql-server-14-150300.10.9.12 updated - postgresql14-server-14.2-5.9.2 updated - container:sles15-image-15.0.0-17.12.1 updated From sle-updates at lists.suse.com Fri May 6 15:59:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 17:59:38 +0200 (CEST) Subject: SUSE-CU-2022:917-1: Security update of trento/trento-runner Message-ID: <20220506155938.13394F790@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-runner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:917-1 Container Tags : trento/trento-runner:1.0.0 , trento/trento-runner:1.0.0-rev1.1.0 , trento/trento-runner:1.0.0-rev1.1.0-build4.5.1 , trento/trento-runner:latest Container Release : 4.5.1 Severity : important Type : security References : 1029961 1082318 1120610 1120610 1130496 1130496 1172427 1176262 1177460 1181131 1181131 1182959 1184124 1186819 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195831 1195856 1195899 1196025 1196093 1196275 1196406 1196567 1196647 1196784 1196939 1197024 1197459 1198062 CVE-2018-20482 CVE-2018-20482 CVE-2018-25032 CVE-2019-20916 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2021-3572 CVE-2022-1271 CVE-2022-25236 ----------------------------------------------------------------- The container trento/trento-runner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:47:43 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:942-1 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1454-1 Released: Thu Apr 28 11:15:06 2022 Summary: Security update for python-pip Type: security Severity: moderate References: 1176262,1195831,CVE-2019-20916 This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. - Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide with the versions on 'the latest' versions of Python interpreter (jsc#SLE-18038, bsc#1195831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libudev1-246.16-150300.7.42.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - openssl-1_1-1.1.1d-11.43.1 updated - tar-1.34-150000.3.12.1 added - libexpat1-2.2.5-3.19.1 updated - timezone-2022a-150000.75.7.1 updated - python3-base-3.6.15-150300.10.21.1 updated - libpython3_6m1_0-3.6.15-150300.10.21.1 updated - python3-3.6.15-150300.10.21.1 updated - python3-six-1.14.0-12.1 updated - python3-pip-20.0.2-150100.6.18.1 updated - container:sles15-image-15.0.0-17.12.1 updated - golang-github-prometheus-node_exporter-1.1.2-3.9.3 removed - trento-premium-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 removed From sle-updates at lists.suse.com Fri May 6 16:00:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:00:31 +0200 (CEST) Subject: SUSE-CU-2022:919-1: Security update of trento/trento-web Message-ID: <20220506160031.8BCD3F7B4@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:919-1 Container Tags : trento/trento-web:latest , trento/trento-web:v1.0.0 , trento/trento-web:v1.0.0-build4.7.1 Container Release : 4.7.1 Severity : important Type : security References : 1029961 1120610 1130496 1172427 1181131 1182959 1189683 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197024 1197459 1198062 CVE-2018-20482 CVE-2018-25032 CVE-2019-9923 CVE-2021-20193 CVE-2022-1271 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libudev1-246.16-150300.7.42.1 added - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - netcfg-11.6-3.3.1 added - tar-1.34-150000.3.12.1 updated - container:nodejs-16-image-15.0.0-17.12.1 added - container:sles15-image-15.0.0-17.12.1 updated - golang-github-prometheus-node_exporter-1.1.2-3.9.3 removed - trento-premium-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 removed From sle-updates at lists.suse.com Fri May 6 16:17:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:17:07 +0200 (CEST) Subject: SUSE-OU-2022:1553-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220506161707.30E7CF7B4@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1553-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: gom Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1553=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1553=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1553=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1553=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1553=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1553=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gom-debugsource-0.4-150200.3.2.1 gom-devel-0.4-150200.3.2.1 libgom-1_0-0-0.4-150200.3.2.1 libgom-1_0-0-debuginfo-0.4-150200.3.2.1 python3-gom-0.4-150200.3.2.1 typelib-1_0-Gom-1_0-0.4-150200.3.2.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gom-debugsource-0.4-150200.3.2.1 gom-devel-0.4-150200.3.2.1 libgom-1_0-0-0.4-150200.3.2.1 libgom-1_0-0-debuginfo-0.4-150200.3.2.1 python3-gom-0.4-150200.3.2.1 typelib-1_0-Gom-1_0-0.4-150200.3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): gom-debugsource-0.4-150200.3.2.1 libgom-1_0-0-0.4-150200.3.2.1 libgom-1_0-0-debuginfo-0.4-150200.3.2.1 typelib-1_0-Gom-1_0-0.4-150200.3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gom-debugsource-0.4-150200.3.2.1 libgom-1_0-0-0.4-150200.3.2.1 libgom-1_0-0-debuginfo-0.4-150200.3.2.1 typelib-1_0-Gom-1_0-0.4-150200.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): gom-debugsource-0.4-150200.3.2.1 libgom-1_0-0-0.4-150200.3.2.1 libgom-1_0-0-debuginfo-0.4-150200.3.2.1 typelib-1_0-Gom-1_0-0.4-150200.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): gom-debugsource-0.4-150200.3.2.1 libgom-1_0-0-0.4-150200.3.2.1 libgom-1_0-0-debuginfo-0.4-150200.3.2.1 typelib-1_0-Gom-1_0-0.4-150200.3.2.1 References: From sle-updates at lists.suse.com Fri May 6 16:17:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:17:40 +0200 (CEST) Subject: SUSE-RU-2022:1556-1: moderate: Recommended update for xkeyboard-config Message-ID: <20220506161741.00805F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for xkeyboard-config ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1556-1 Rating: moderate References: #1188867 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xkeyboard-config fixes the following issues: - Add French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1556=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1556=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1556=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1556=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1556=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1556=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1556=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1556=1 Package List: - openSUSE Leap 15.4 (noarch): xkeyboard-config-2.23.1-150000.3.12.1 xkeyboard-config-lang-2.23.1-150000.3.12.1 - openSUSE Leap 15.3 (noarch): xkeyboard-config-2.23.1-150000.3.12.1 xkeyboard-config-lang-2.23.1-150000.3.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): xkeyboard-config-2.23.1-150000.3.12.1 xkeyboard-config-lang-2.23.1-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): xkeyboard-config-2.23.1-150000.3.12.1 xkeyboard-config-lang-2.23.1-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): xkeyboard-config-2.23.1-150000.3.12.1 xkeyboard-config-lang-2.23.1-150000.3.12.1 - SUSE Linux Enterprise Micro 5.2 (noarch): xkeyboard-config-2.23.1-150000.3.12.1 - SUSE Linux Enterprise Micro 5.1 (noarch): xkeyboard-config-2.23.1-150000.3.12.1 - SUSE Linux Enterprise Micro 5.0 (noarch): xkeyboard-config-2.23.1-150000.3.12.1 References: https://bugzilla.suse.com/1188867 From sle-updates at lists.suse.com Fri May 6 16:18:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:18:17 +0200 (CEST) Subject: SUSE-RU-2022:1557-1: moderate: Recommended update for psmisc Message-ID: <20220506161817.23042F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for psmisc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1557-1 Rating: moderate References: #1194172 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for psmisc fixes the following issues: - Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1557=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): psmisc-22.21-6.25.1 psmisc-debuginfo-22.21-6.25.1 psmisc-debugsource-22.21-6.25.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): psmisc-lang-22.21-6.25.1 References: https://bugzilla.suse.com/1194172 From sle-updates at lists.suse.com Fri May 6 16:18:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:18:53 +0200 (CEST) Subject: SUSE-OU-2022:1554-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220506161853.933ABF7B4@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1554-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: gtkmm2, atkmm1_6, pangomm1_4, cairomm1_0 Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1554=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1554=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1554=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1554=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1554=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1554=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pangomm1_4-doc-2.42.0-150200.3.2.1 - openSUSE Leap 15.4 (noarch): atkmm1_6-doc-2.28.0-150200.3.2.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): atkmm1_6-debugsource-2.28.0-150200.3.2.1 atkmm1_6-devel-2.28.0-150200.3.2.1 cairomm1_0-debugsource-1.12.2-150000.3.2.1 cairomm1_0-devel-1.12.2-150000.3.2.1 cairomm1_0-doc-1.12.2-150000.3.2.1 gtkmm2-debugsource-2.24.5-150000.3.2.1 gtkmm2-devel-2.24.5-150000.3.2.1 libatkmm-1_6-1-2.28.0-150200.3.2.1 libatkmm-1_6-1-debuginfo-2.28.0-150200.3.2.1 libcairomm-1_0-1-1.12.2-150000.3.2.1 libcairomm-1_0-1-debuginfo-1.12.2-150000.3.2.1 libgtkmm-2_4-1-2.24.5-150000.3.2.1 libgtkmm-2_4-1-debuginfo-2.24.5-150000.3.2.1 libpangomm-1_4-1-2.42.0-150200.3.2.1 libpangomm-1_4-1-debuginfo-2.42.0-150200.3.2.1 pangomm1_4-debugsource-2.42.0-150200.3.2.1 pangomm1_4-devel-2.42.0-150200.3.2.1 pangomm1_4-doc-2.42.0-150200.3.2.1 - openSUSE Leap 15.3 (noarch): atkmm1_6-doc-2.28.0-150200.3.2.1 - openSUSE Leap 15.3 (x86_64): atkmm1_6-devel-32bit-2.28.0-150200.3.2.1 cairomm1_0-devel-32bit-1.12.2-150000.3.2.1 libatkmm-1_6-1-32bit-2.28.0-150200.3.2.1 libatkmm-1_6-1-32bit-debuginfo-2.28.0-150200.3.2.1 libcairomm-1_0-1-32bit-1.12.2-150000.3.2.1 libcairomm-1_0-1-32bit-debuginfo-1.12.2-150000.3.2.1 libgtkmm-2_4-1-32bit-2.24.5-150000.3.2.1 libgtkmm-2_4-1-32bit-debuginfo-2.24.5-150000.3.2.1 libpangomm-1_4-1-32bit-2.42.0-150200.3.2.1 libpangomm-1_4-1-32bit-debuginfo-2.42.0-150200.3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gtkmm2-debugsource-2.24.5-150000.3.2.1 gtkmm2-devel-2.24.5-150000.3.2.1 libgtkmm-2_4-1-2.24.5-150000.3.2.1 libgtkmm-2_4-1-debuginfo-2.24.5-150000.3.2.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): atkmm1_6-debugsource-2.28.0-150200.3.2.1 atkmm1_6-devel-2.28.0-150200.3.2.1 cairomm1_0-debugsource-1.12.2-150000.3.2.1 cairomm1_0-devel-1.12.2-150000.3.2.1 libatkmm-1_6-1-2.28.0-150200.3.2.1 libatkmm-1_6-1-debuginfo-2.28.0-150200.3.2.1 libcairomm-1_0-1-1.12.2-150000.3.2.1 libcairomm-1_0-1-debuginfo-1.12.2-150000.3.2.1 libpangomm-1_4-1-2.42.0-150200.3.2.1 libpangomm-1_4-1-debuginfo-2.42.0-150200.3.2.1 pangomm1_4-debugsource-2.42.0-150200.3.2.1 pangomm1_4-devel-2.42.0-150200.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): atkmm1_6-debugsource-2.28.0-150200.3.2.1 atkmm1_6-devel-2.28.0-150200.3.2.1 cairomm1_0-debugsource-1.12.2-150000.3.2.1 cairomm1_0-devel-1.12.2-150000.3.2.1 gtkmm2-debugsource-2.24.5-150000.3.2.1 gtkmm2-devel-2.24.5-150000.3.2.1 libatkmm-1_6-1-2.28.0-150200.3.2.1 libatkmm-1_6-1-debuginfo-2.28.0-150200.3.2.1 libcairomm-1_0-1-1.12.2-150000.3.2.1 libcairomm-1_0-1-debuginfo-1.12.2-150000.3.2.1 libgtkmm-2_4-1-2.24.5-150000.3.2.1 libgtkmm-2_4-1-debuginfo-2.24.5-150000.3.2.1 libpangomm-1_4-1-2.42.0-150200.3.2.1 libpangomm-1_4-1-debuginfo-2.42.0-150200.3.2.1 pangomm1_4-debugsource-2.42.0-150200.3.2.1 pangomm1_4-devel-2.42.0-150200.3.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): atkmm1_6-debugsource-2.28.0-150200.3.2.1 atkmm1_6-devel-2.28.0-150200.3.2.1 cairomm1_0-debugsource-1.12.2-150000.3.2.1 cairomm1_0-devel-1.12.2-150000.3.2.1 libatkmm-1_6-1-2.28.0-150200.3.2.1 libatkmm-1_6-1-debuginfo-2.28.0-150200.3.2.1 libcairomm-1_0-1-1.12.2-150000.3.2.1 libcairomm-1_0-1-debuginfo-1.12.2-150000.3.2.1 libpangomm-1_4-1-2.42.0-150200.3.2.1 libpangomm-1_4-1-debuginfo-2.42.0-150200.3.2.1 pangomm1_4-debugsource-2.42.0-150200.3.2.1 pangomm1_4-devel-2.42.0-150200.3.2.1 References: From sle-updates at lists.suse.com Fri May 6 16:19:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:19:26 +0200 (CEST) Subject: SUSE-SU-2022:1560-1: important: Security update for libwmf Message-ID: <20220506161926.E7681F7B4@maintenance.suse.de> SUSE Security Update: Security update for libwmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1560-1 Rating: important References: #1006739 #1123522 #1174075 Cross-References: CVE-2016-9011 CVE-2019-6978 CVSS scores: CVE-2016-9011 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6978 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-6978 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1560=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1560=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libwmf-0_2-7-0.2.12-243.3.1 libwmf-0_2-7-debuginfo-0.2.12-243.3.1 libwmf-debugsource-0.2.12-243.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-243.3.1 libwmf-0_2-7-debuginfo-0.2.12-243.3.1 libwmf-debugsource-0.2.12-243.3.1 libwmf-devel-0.2.12-243.3.1 libwmf-gnome-0.2.12-243.3.1 libwmf-gnome-debuginfo-0.2.12-243.3.1 libwmf-tools-0.2.12-243.3.1 libwmf-tools-debuginfo-0.2.12-243.3.1 References: https://www.suse.com/security/cve/CVE-2016-9011.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1006739 https://bugzilla.suse.com/1123522 https://bugzilla.suse.com/1174075 From sle-updates at lists.suse.com Fri May 6 16:20:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:20:13 +0200 (CEST) Subject: SUSE-RU-2022:1559-1: important: Recommended update for ovmf Message-ID: <20220506162013.E553DF7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1559-1 Rating: important References: #1197458 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ovmf fixes the following issues: - Set TPM2_ENABLE and TPM2_CONFIG_ENABLE because it's needed by ARM (bsc#1197458) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1559=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1559=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1559=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1559=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): ovmf-202008-150300.10.14.1 ovmf-tools-202008-150300.10.14.1 - openSUSE Leap 15.3 (noarch): qemu-ovmf-ia32-202008-150300.10.14.1 qemu-ovmf-x86_64-202008-150300.10.14.1 qemu-uefi-aarch32-202008-150300.10.14.1 qemu-uefi-aarch64-202008-150300.10.14.1 - openSUSE Leap 15.3 (x86_64): qemu-ovmf-x86_64-debug-202008-150300.10.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 x86_64): ovmf-202008-150300.10.14.1 ovmf-tools-202008-150300.10.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): qemu-ovmf-x86_64-202008-150300.10.14.1 qemu-uefi-aarch64-202008-150300.10.14.1 - SUSE Linux Enterprise Micro 5.2 (noarch): qemu-ovmf-x86_64-202008-150300.10.14.1 qemu-uefi-aarch64-202008-150300.10.14.1 - SUSE Linux Enterprise Micro 5.1 (noarch): qemu-ovmf-x86_64-202008-150300.10.14.1 qemu-uefi-aarch64-202008-150300.10.14.1 References: https://bugzilla.suse.com/1197458 From sle-updates at lists.suse.com Fri May 6 16:20:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:20:51 +0200 (CEST) Subject: SUSE-RU-2022:1555-1: moderate: Recommended update for amavisd-new Message-ID: <20220506162051.33BF6F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for amavisd-new ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1555-1 Rating: moderate References: #1185145 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for amavisd-new fixes the following issues: - Removed deprecated option "syslog" used in amavis.service (bsc#1185145) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1555=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1555=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1555=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1555=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1555=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): amavisd-new-2.11.1-150000.6.6.1 amavisd-new-debuginfo-2.11.1-150000.6.6.1 amavisd-new-debugsource-2.11.1-150000.6.6.1 amavisd-new-docs-2.11.1-150000.6.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): amavisd-new-2.11.1-150000.6.6.1 amavisd-new-debuginfo-2.11.1-150000.6.6.1 amavisd-new-debugsource-2.11.1-150000.6.6.1 amavisd-new-docs-2.11.1-150000.6.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): amavisd-new-2.11.1-150000.6.6.1 amavisd-new-debuginfo-2.11.1-150000.6.6.1 amavisd-new-debugsource-2.11.1-150000.6.6.1 amavisd-new-docs-2.11.1-150000.6.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): amavisd-new-2.11.1-150000.6.6.1 amavisd-new-debuginfo-2.11.1-150000.6.6.1 amavisd-new-debugsource-2.11.1-150000.6.6.1 amavisd-new-docs-2.11.1-150000.6.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): amavisd-new-2.11.1-150000.6.6.1 amavisd-new-debuginfo-2.11.1-150000.6.6.1 amavisd-new-debugsource-2.11.1-150000.6.6.1 amavisd-new-docs-2.11.1-150000.6.6.1 References: https://bugzilla.suse.com/1185145 From sle-updates at lists.suse.com Fri May 6 16:21:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:21:34 +0200 (CEST) Subject: SUSE-RU-2022:1561-1: moderate: Recommended update for python-kiwi Message-ID: <20220506162134.43844F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1561-1 Rating: moderate References: #1192523 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issue: - Fix booting GRUB submenu entries with hybrid images (linux/linuxefi) Variables assigned with "set" are not visible in submenus. Export $linux and $initrd, so that they also work in submenu entries. (bsc#1192523) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1561=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1561=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1561=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1561=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1561=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1561=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1561=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.17-150100.3.50.1 dracut-kiwi-live-9.24.17-150100.3.50.1 dracut-kiwi-oem-dump-9.24.17-150100.3.50.1 dracut-kiwi-oem-repart-9.24.17-150100.3.50.1 dracut-kiwi-overlay-9.24.17-150100.3.50.1 kiwi-man-pages-9.24.17-150100.3.50.1 kiwi-systemdeps-9.24.17-150100.3.50.1 kiwi-systemdeps-bootloaders-9.24.17-150100.3.50.1 kiwi-systemdeps-containers-9.24.17-150100.3.50.1 kiwi-systemdeps-core-9.24.17-150100.3.50.1 kiwi-systemdeps-disk-images-9.24.17-150100.3.50.1 kiwi-systemdeps-filesystems-9.24.17-150100.3.50.1 kiwi-systemdeps-image-validation-9.24.17-150100.3.50.1 kiwi-systemdeps-iso-media-9.24.17-150100.3.50.1 kiwi-tools-9.24.17-150100.3.50.1 kiwi-tools-debuginfo-9.24.17-150100.3.50.1 python-kiwi-debugsource-9.24.17-150100.3.50.1 python3-kiwi-9.24.17-150100.3.50.1 - openSUSE Leap 15.3 (x86_64): kiwi-pxeboot-9.24.17-150100.3.50.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): dracut-kiwi-lib-9.24.17-150100.3.50.1 dracut-kiwi-live-9.24.17-150100.3.50.1 dracut-kiwi-oem-dump-9.24.17-150100.3.50.1 dracut-kiwi-oem-repart-9.24.17-150100.3.50.1 dracut-kiwi-overlay-9.24.17-150100.3.50.1 kiwi-man-pages-9.24.17-150100.3.50.1 kiwi-pxeboot-9.24.17-150100.3.50.1 kiwi-systemdeps-bootloaders-9.24.17-150100.3.50.1 kiwi-systemdeps-core-9.24.17-150100.3.50.1 kiwi-systemdeps-disk-images-9.24.17-150100.3.50.1 kiwi-systemdeps-filesystems-9.24.17-150100.3.50.1 kiwi-systemdeps-image-validation-9.24.17-150100.3.50.1 kiwi-systemdeps-iso-media-9.24.17-150100.3.50.1 kiwi-tools-9.24.17-150100.3.50.1 kiwi-tools-debuginfo-9.24.17-150100.3.50.1 python-kiwi-debugsource-9.24.17-150100.3.50.1 python3-kiwi-9.24.17-150100.3.50.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.17-150100.3.50.1 dracut-kiwi-live-9.24.17-150100.3.50.1 dracut-kiwi-oem-dump-9.24.17-150100.3.50.1 dracut-kiwi-oem-repart-9.24.17-150100.3.50.1 dracut-kiwi-overlay-9.24.17-150100.3.50.1 kiwi-man-pages-9.24.17-150100.3.50.1 kiwi-systemdeps-9.24.17-150100.3.50.1 kiwi-systemdeps-bootloaders-9.24.17-150100.3.50.1 kiwi-systemdeps-containers-9.24.17-150100.3.50.1 kiwi-systemdeps-core-9.24.17-150100.3.50.1 kiwi-systemdeps-disk-images-9.24.17-150100.3.50.1 kiwi-systemdeps-filesystems-9.24.17-150100.3.50.1 kiwi-systemdeps-image-validation-9.24.17-150100.3.50.1 kiwi-systemdeps-iso-media-9.24.17-150100.3.50.1 kiwi-tools-9.24.17-150100.3.50.1 kiwi-tools-debuginfo-9.24.17-150100.3.50.1 python-kiwi-debugsource-9.24.17-150100.3.50.1 python3-kiwi-9.24.17-150100.3.50.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): kiwi-pxeboot-9.24.17-150100.3.50.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.17-150100.3.50.1 dracut-kiwi-live-9.24.17-150100.3.50.1 dracut-kiwi-oem-dump-9.24.17-150100.3.50.1 dracut-kiwi-oem-repart-9.24.17-150100.3.50.1 dracut-kiwi-overlay-9.24.17-150100.3.50.1 kiwi-man-pages-9.24.17-150100.3.50.1 kiwi-systemdeps-9.24.17-150100.3.50.1 kiwi-systemdeps-bootloaders-9.24.17-150100.3.50.1 kiwi-systemdeps-containers-9.24.17-150100.3.50.1 kiwi-systemdeps-core-9.24.17-150100.3.50.1 kiwi-systemdeps-disk-images-9.24.17-150100.3.50.1 kiwi-systemdeps-filesystems-9.24.17-150100.3.50.1 kiwi-systemdeps-image-validation-9.24.17-150100.3.50.1 kiwi-systemdeps-iso-media-9.24.17-150100.3.50.1 kiwi-tools-9.24.17-150100.3.50.1 kiwi-tools-debuginfo-9.24.17-150100.3.50.1 python-kiwi-debugsource-9.24.17-150100.3.50.1 python3-kiwi-9.24.17-150100.3.50.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): kiwi-pxeboot-9.24.17-150100.3.50.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dracut-kiwi-lib-9.24.17-150100.3.50.1 dracut-kiwi-oem-dump-9.24.17-150100.3.50.1 dracut-kiwi-oem-repart-9.24.17-150100.3.50.1 python-kiwi-debugsource-9.24.17-150100.3.50.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dracut-kiwi-lib-9.24.17-150100.3.50.1 dracut-kiwi-oem-repart-9.24.17-150100.3.50.1 python-kiwi-debugsource-9.24.17-150100.3.50.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): dracut-kiwi-lib-9.24.17-150100.3.50.1 dracut-kiwi-oem-repart-9.24.17-150100.3.50.1 python-kiwi-debugsource-9.24.17-150100.3.50.1 References: https://bugzilla.suse.com/1192523 From sle-updates at lists.suse.com Fri May 6 16:22:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 18:22:14 +0200 (CEST) Subject: SUSE-RU-2022:1558-1: important: Recommended update for perf Message-ID: <20220506162214.91919F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1558-1 Rating: important References: #1198077 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perf fixes the following issues: - Support for PowerPC exposing Performance Monitor Counter SPRs as part of extended regs (bsc#1198077) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1558=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1558=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): perf-5.3.18-150300.38.3.1 perf-debuginfo-5.3.18-150300.38.3.1 perf-debugsource-5.3.18-150300.38.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): perf-5.3.18-150300.38.3.1 perf-debuginfo-5.3.18-150300.38.3.1 perf-debugsource-5.3.18-150300.38.3.1 References: https://bugzilla.suse.com/1198077 From sle-updates at lists.suse.com Fri May 6 19:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 21:16:39 +0200 (CEST) Subject: SUSE-RU-2022:1562-1: moderate: Recommended update for trento-agent Message-ID: <20220506191639.DB21BF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for trento-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1562-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for trento-agent fixes the following issues: - Release 1.0.0 - Flat map sap systems payload lists) - Restore release-tag job in the CI - Detect AWS based on dmidecode system-manufacturer - Fix install agent interval - Rename CloudProvider to Provider - Publish csp information of a discovered pacemaker cluster - Load HANA database IP address in agent side - Fix socket leak - fixup installation doc - Update installer for the new agent - Refactor collector port / host in server url - Add trento agent binary to tgz - Add api key support - Bump actions/setup-go from 2 to 3 - Bump actions/download-artifact from 2 to 3 - Bump actions/upload-artifact from 2 to 3 - Bump actions/cache from 3.0.1 to 3.0.2 - Add docs back - Refine service file - Name everything trento-agent and try to bring back the OBS CI step - Instruct the specfile to only create the RPM package for the agent binary - Bump actions/checkout from 2 to 3 (https://github.com/trento-project/agent/pull/3) - Bump actions/cache from 2 to 3.0.1 (https://github.com/trento-project/agent/pull/2) - Add github actions back Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-1562=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-1562=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-1562=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-1562=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (aarch64 ppc64le s390x x86_64): trento-agent-1.0.0-150300.1.3.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): trento-server-installer-1.0.0-150300.3.2.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): trento-agent-1.0.0-150300.1.3.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): trento-server-installer-1.0.0-150300.3.2.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): trento-agent-1.0.0-150300.1.3.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): trento-server-installer-1.0.0-150300.3.2.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): trento-agent-1.0.0-150300.1.3.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): trento-server-installer-1.0.0-150300.3.2.1 References: From sle-updates at lists.suse.com Fri May 6 19:17:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2022 21:17:17 +0200 (CEST) Subject: SUSE-SU-2022:1565-1: moderate: Security update for giflib Message-ID: <20220506191717.02229F790@maintenance.suse.de> SUSE Security Update: Security update for giflib ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1565-1 Rating: moderate References: #1094832 #1146299 #1184123 #974847 Cross-References: CVE-2016-3977 CVE-2018-11490 CVE-2019-15133 CVSS scores: CVE-2016-3977 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11490 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-11490 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-15133 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are couraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformmation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMlified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running "make" from the top-level directory. The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1565=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1565=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1565=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1565=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1565=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 giflib-progs-5.2.1-150000.4.8.1 giflib-progs-debuginfo-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 - openSUSE Leap 15.4 (x86_64): giflib-devel-32bit-5.2.1-150000.4.8.1 libgif7-32bit-5.2.1-150000.4.8.1 libgif7-32bit-debuginfo-5.2.1-150000.4.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 giflib-progs-5.2.1-150000.4.8.1 giflib-progs-debuginfo-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 - openSUSE Leap 15.3 (x86_64): giflib-devel-32bit-5.2.1-150000.4.8.1 libgif7-32bit-5.2.1-150000.4.8.1 libgif7-32bit-debuginfo-5.2.1-150000.4.8.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 References: https://www.suse.com/security/cve/CVE-2016-3977.html https://www.suse.com/security/cve/CVE-2018-11490.html https://www.suse.com/security/cve/CVE-2019-15133.html https://bugzilla.suse.com/1094832 https://bugzilla.suse.com/1146299 https://bugzilla.suse.com/1184123 https://bugzilla.suse.com/974847 From sle-updates at lists.suse.com Sat May 7 07:29:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 May 2022 09:29:53 +0200 (CEST) Subject: SUSE-CU-2022:920-1: Security update of suse/sles12sp3 Message-ID: <20220507072953.BC9F2F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:920-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.384 , suse/sles12sp3:latest Container Release : 24.384 Severity : moderate Type : security References : 1198614 1198766 CVE-2022-22576 CVE-2022-27776 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1564-1 Released: Fri May 6 17:09:17 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198766,CVE-2022-22576,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed Auth/cookie leak on redirect (bsc#1198766) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) The following package changes have been done: - libcurl4-7.37.0-37.73.1 updated From sle-updates at lists.suse.com Sat May 7 07:54:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 May 2022 09:54:17 +0200 (CEST) Subject: SUSE-CU-2022:928-1: Security update of bci/openjdk-devel Message-ID: <20220507075417.89605F790@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:928-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-17.23 , bci/openjdk-devel:latest Container Release : 17.23 Severity : moderate Type : security References : 1094832 1146299 1184123 974847 CVE-2016-3977 CVE-2018-11490 CVE-2019-15133 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1565-1 Released: Fri May 6 17:09:36 2022 Summary: Security update for giflib Type: security Severity: moderate References: 1094832,1146299,1184123,974847,CVE-2016-3977,CVE-2018-11490,CVE-2019-15133 This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are couraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformmation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMlified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running 'make' from the top-level directory. The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) The following package changes have been done: - libgif7-5.2.1-150000.4.8.1 updated - container:openjdk-11-image-15.3.0-17.10 updated From sle-updates at lists.suse.com Sat May 7 16:24:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 May 2022 18:24:34 +0200 (CEST) Subject: SUSE-RU-2022:1566-1: moderate: Recommended update for go1.17 Message-ID: <20220507162434.DA719F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1566-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for go1.17 fixes the following issues: - Remove remaining use of gold linker when bootstrapping with gccgo. * History: go1.8.3 2017-06-18 added conditional if gccgo defined BuildRequires: binutils-gold for arches other than s390x * No information available why binutils-gold was used initially * Unrelated to upstream recent hardcoded gold dependency for ARM Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1566=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1566=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1566=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1566=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1566=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.9-150000.1.31.1 go1.17-doc-1.17.9-150000.1.31.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.17-race-1.17.9-150000.1.31.1 - openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64): go1.17-1.17.9-150000.1.31.1 go1.17-doc-1.17.9-150000.1.31.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.17-race-1.17.9-150000.1.31.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.17-1.17.9-150000.1.31.1 go1.17-doc-1.17.9-150000.1.31.1 go1.17-race-1.17.9-150000.1.31.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.9-150000.1.31.1 go1.17-doc-1.17.9-150000.1.31.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.17-race-1.17.9-150000.1.31.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.17-1.17.9-150000.1.31.1 go1.17-doc-1.17.9-150000.1.31.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.17-race-1.17.9-150000.1.31.1 References: From sle-updates at lists.suse.com Sun May 8 07:19:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 8 May 2022 09:19:15 +0200 (CEST) Subject: SUSE-CU-2022:929-1: Recommended update of bci/golang Message-ID: <20220508071915.ADC4FF790@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:929-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-16.6 Container Release : 16.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1566-1 Released: Sat May 7 12:33:28 2022 Summary: Recommended update for go1.17 Type: recommended Severity: moderate References: This update for go1.17 fixes the following issues: - Remove remaining use of gold linker when bootstrapping with gccgo. * History: go1.8.3 2017-06-18 added conditional if gccgo defined BuildRequires: binutils-gold for arches other than s390x * No information available why binutils-gold was used initially * Unrelated to upstream recent hardcoded gold dependency for ARM The following package changes have been done: - go1.17-1.17.9-150000.1.31.1 updated - container:sles15-image-15.0.0-17.14.6 updated - boost-license1_66_0-1.66.0-12.3.1 removed - gpg2-2.2.27-1.2 removed - libassuan0-2.5.1-2.14 removed - libaugeas0-1.10.1-3.9.1 removed - libboost_system1_66_0-1.66.0-12.3.1 removed - libboost_thread1_66_0-1.66.0-12.3.1 removed - libglib-2_0-0-2.62.6-150200.3.9.1 removed - libgpgme11-1.13.1-4.3.1 removed - libksba8-1.3.5-2.14 removed - libmodman1-2.0.1-1.27 removed - libnpth0-1.5-2.11 removed - libprocps7-3.3.15-7.22.1 removed - libprotobuf-lite20-3.9.2-4.12.1 removed - libproxy1-0.4.15-12.41 removed - libsigc-2_0-0-2.10.2-1.18 removed - libsolv-tools-0.7.22-150200.12.1 removed - libsqlite3-0-3.36.0-3.12.1 removed - libusb-1_0-0-1.0.21-3.3.1 removed - libyaml-cpp0_6-0.6.1-4.5.1 removed - libzypp-17.30.0-150200.36.1 removed - openssl-1_1-1.1.1d-11.43.1 removed - pinentry-1.1.0-4.3.1 removed - procps-3.3.15-7.22.1 removed - rpm-ndb-4.14.3-150300.46.1 removed - zypper-1.14.52-150200.30.2 removed From sle-updates at lists.suse.com Mon May 9 07:16:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 09:16:50 +0200 (CEST) Subject: SUSE-SU-2022:1569-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) Message-ID: <20220509071650.7B4DAF7B4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1569-1 Rating: important References: #1195950 #1198133 Cross-References: CVE-2022-0330 CVE-2022-1158 CVSS scores: CVE-2022-0330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_43 fixes several issues. The following security issues were fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133) - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1568=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1569=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1570=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-7-150300.2.1 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-7-150300.2.1 kernel-livepatch-5_3_18-150300_59_46-default-7-150300.2.1 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-7-150300.2.1 kernel-livepatch-5_3_18-59_40-default-8-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-8-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-1158.html https://bugzilla.suse.com/1195950 https://bugzilla.suse.com/1198133 From sle-updates at lists.suse.com Mon May 9 13:16:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 15:16:38 +0200 (CEST) Subject: SUSE-SU-2022:1571-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) Message-ID: <20220509131638.9B729FDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1571-1 Rating: important References: #1198133 Cross-References: CVE-2022-1158 CVSS scores: CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_60 fixes one issue. The following security issue was fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1571=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1572=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1574=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_49-default-6-150300.2.1 kernel-livepatch-5_3_18-150300_59_54-default-5-150300.2.1 kernel-livepatch-5_3_18-150300_59_60-default-4-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-1158.html https://bugzilla.suse.com/1198133 From sle-updates at lists.suse.com Mon May 9 13:17:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 15:17:11 +0200 (CEST) Subject: SUSE-SU-2022:1573-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3) Message-ID: <20220509131711.63982FDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1573-1 Rating: important References: #1196959 #1198133 Cross-References: CVE-2021-39698 CVE-2022-1158 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_63 fixes several issues. The following security issues were fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133) - - CVE-2021-39698: In aio_poll_complete_work of aio.c, there was a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1196959) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1573=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_63-default-2-150300.2.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-1158.html https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1198133 From sle-updates at lists.suse.com Mon May 9 16:17:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 18:17:14 +0200 (CEST) Subject: SUSE-SU-2022:1575-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) Message-ID: <20220509161714.2A99DFDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1575-1 Rating: important References: #1195950 #1198133 Cross-References: CVE-2022-0330 CVE-2022-1158 CVSS scores: CVE-2022-0330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_37 fixes several issues. The following security issues were fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133) - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1575=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_37-default-8-150300.2.1 kernel-livepatch-5_3_18-59_37-default-debuginfo-8-150300.2.1 kernel-livepatch-SLE15-SP3_Update_10-debugsource-8-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-1158.html https://bugzilla.suse.com/1195950 https://bugzilla.suse.com/1198133 From sle-updates at lists.suse.com Mon May 9 16:17:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 18:17:58 +0200 (CEST) Subject: SUSE-SU-2022:1576-1: Security update for ldb Message-ID: <20220509161758.CE1A4FDFC@maintenance.suse.de> SUSE Security Update: Security update for ldb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1576-1 Rating: low References: #1198397 Cross-References: CVE-2021-3670 CVSS scores: CVE-2021-3670 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ldb fixes the following issues: - Update to version 2.4.2 - CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value would not be honoured (bsc#1198397). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1576=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1576=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1576=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1576=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-1576=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ldb-debugsource-2.4.2-150300.3.15.1 ldb-tools-2.4.2-150300.3.15.1 ldb-tools-debuginfo-2.4.2-150300.3.15.1 libldb-devel-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 python3-ldb-2.4.2-150300.3.15.1 python3-ldb-debuginfo-2.4.2-150300.3.15.1 python3-ldb-devel-2.4.2-150300.3.15.1 - openSUSE Leap 15.3 (x86_64): libldb2-32bit-2.4.2-150300.3.15.1 libldb2-32bit-debuginfo-2.4.2-150300.3.15.1 python3-ldb-32bit-2.4.2-150300.3.15.1 python3-ldb-32bit-debuginfo-2.4.2-150300.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ldb-debugsource-2.4.2-150300.3.15.1 ldb-tools-2.4.2-150300.3.15.1 ldb-tools-debuginfo-2.4.2-150300.3.15.1 libldb-devel-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 python3-ldb-2.4.2-150300.3.15.1 python3-ldb-debuginfo-2.4.2-150300.3.15.1 python3-ldb-devel-2.4.2-150300.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libldb2-32bit-2.4.2-150300.3.15.1 libldb2-32bit-debuginfo-2.4.2-150300.3.15.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): ldb-debugsource-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): ldb-debugsource-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ldb-debugsource-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 python3-ldb-2.4.2-150300.3.15.1 python3-ldb-debuginfo-2.4.2-150300.3.15.1 References: https://www.suse.com/security/cve/CVE-2021-3670.html https://bugzilla.suse.com/1198397 From sle-updates at lists.suse.com Mon May 9 19:16:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 21:16:54 +0200 (CEST) Subject: SUSE-SU-2022:1583-1: important: Security update for rsyslog Message-ID: <20220509191654.D9E4EFDFC@maintenance.suse.de> SUSE Security Update: Security update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1583-1 Rating: important References: #1199061 Cross-References: CVE-2022-24903 CVSS scores: CVE-2022-24903 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsyslog fixes the following issues: - CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1583=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1583=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1583=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1583=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1583=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1583=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1583=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1583=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1583=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1583=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1583=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1583=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1583=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-diag-tools-8.2106.0-150200.4.26.1 rsyslog-diag-tools-debuginfo-8.2106.0-150200.4.26.1 rsyslog-doc-8.2106.0-150200.4.26.1 rsyslog-module-dbi-8.2106.0-150200.4.26.1 rsyslog-module-dbi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-elasticsearch-8.2106.0-150200.4.26.1 rsyslog-module-elasticsearch-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gcrypt-8.2106.0-150200.4.26.1 rsyslog-module-gcrypt-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-omamqp1-8.2106.0-150200.4.26.1 rsyslog-module-omamqp1-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-omhttpfs-8.2106.0-150200.4.26.1 rsyslog-module-omhttpfs-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-omtcl-8.2106.0-150200.4.26.1 rsyslog-module-omtcl-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-ossl-8.2106.0-150200.4.26.1 rsyslog-module-ossl-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Manager Proxy 4.1 (x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): rsyslog-8.2106.0-150200.4.26.1 rsyslog-debuginfo-8.2106.0-150200.4.26.1 rsyslog-debugsource-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-8.2106.0-150200.4.26.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-gtls-8.2106.0-150200.4.26.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.26.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-mysql-8.2106.0-150200.4.26.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-8.2106.0-150200.4.26.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-relp-8.2106.0-150200.4.26.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-snmp-8.2106.0-150200.4.26.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-8.2106.0-150200.4.26.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.26.1 References: https://www.suse.com/security/cve/CVE-2022-24903.html https://bugzilla.suse.com/1199061 From sle-updates at lists.suse.com Mon May 9 19:17:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 21:17:34 +0200 (CEST) Subject: SUSE-SU-2022:1579-1: important: Security update for MozillaFirefox Message-ID: <20220509191734.6FA99FDFC@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1579-1 Rating: important References: #1198970 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR (bsc#1198970). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1579=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 References: https://bugzilla.suse.com/1198970 From sle-updates at lists.suse.com Mon May 9 19:18:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 21:18:16 +0200 (CEST) Subject: SUSE-SU-2022:1577-1: important: Security update for MozillaFirefox Message-ID: <20220509191816.2E30AFDFC@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1577-1 Rating: important References: #1188891 #1189547 #1190269 #1190274 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 CVSS scores: CVE-2021-29980 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29980 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29981 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29982 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-29984 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29984 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29985 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29985 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29986 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-29986 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29987 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-29988 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29988 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29989 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29989 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29990 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29991 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-38492 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-38495 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38495 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded "just in time" if you decide to "Log in with Facebook" on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We???ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We???ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1577=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1577=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1577=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1577=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1577=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1577=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1577=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1577=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1577=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1577=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.9.0-150000.150.34.1 MozillaFirefox-debuginfo-91.9.0-150000.150.34.1 MozillaFirefox-debugsource-91.9.0-150000.150.34.1 MozillaFirefox-devel-91.9.0-150000.150.34.1 MozillaFirefox-translations-common-91.9.0-150000.150.34.1 MozillaFirefox-translations-other-91.9.0-150000.150.34.1 References: https://www.suse.com/security/cve/CVE-2021-29980.html https://www.suse.com/security/cve/CVE-2021-29981.html https://www.suse.com/security/cve/CVE-2021-29982.html https://www.suse.com/security/cve/CVE-2021-29983.html https://www.suse.com/security/cve/CVE-2021-29984.html https://www.suse.com/security/cve/CVE-2021-29985.html https://www.suse.com/security/cve/CVE-2021-29986.html https://www.suse.com/security/cve/CVE-2021-29987.html https://www.suse.com/security/cve/CVE-2021-29988.html https://www.suse.com/security/cve/CVE-2021-29989.html https://www.suse.com/security/cve/CVE-2021-29990.html https://www.suse.com/security/cve/CVE-2021-29991.html https://www.suse.com/security/cve/CVE-2021-38492.html https://www.suse.com/security/cve/CVE-2021-38495.html https://bugzilla.suse.com/1188891 https://bugzilla.suse.com/1189547 https://bugzilla.suse.com/1190269 https://bugzilla.suse.com/1190274 From sle-updates at lists.suse.com Mon May 9 19:19:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 21:19:30 +0200 (CEST) Subject: SUSE-SU-2022:1582-1: important: Security update for MozillaFirefox Message-ID: <20220509191930.B7D53FDFC@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1582-1 Rating: important References: #1188891 #1189547 #1190269 #1190274 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 CVSS scores: CVE-2021-29980 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29980 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29981 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29982 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-29984 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29984 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29985 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29985 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-29986 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-29986 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29987 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-29988 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29988 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29989 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29989 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29990 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29991 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-38492 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-38495 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38495 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded "just in time" if you decide to "Log in with Facebook" on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We???ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We???ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1582=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1582=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1582=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1582=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1582=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1582=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1582=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1582=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1582=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1582=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1582=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1582=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1582=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.9.0-112.104.1 MozillaFirefox-debuginfo-91.9.0-112.104.1 MozillaFirefox-debugsource-91.9.0-112.104.1 MozillaFirefox-devel-91.9.0-112.104.1 MozillaFirefox-translations-common-91.9.0-112.104.1 References: https://www.suse.com/security/cve/CVE-2021-29980.html https://www.suse.com/security/cve/CVE-2021-29981.html https://www.suse.com/security/cve/CVE-2021-29982.html https://www.suse.com/security/cve/CVE-2021-29983.html https://www.suse.com/security/cve/CVE-2021-29984.html https://www.suse.com/security/cve/CVE-2021-29985.html https://www.suse.com/security/cve/CVE-2021-29986.html https://www.suse.com/security/cve/CVE-2021-29987.html https://www.suse.com/security/cve/CVE-2021-29988.html https://www.suse.com/security/cve/CVE-2021-29989.html https://www.suse.com/security/cve/CVE-2021-29990.html https://www.suse.com/security/cve/CVE-2021-29991.html https://www.suse.com/security/cve/CVE-2021-38492.html https://www.suse.com/security/cve/CVE-2021-38495.html https://bugzilla.suse.com/1188891 https://bugzilla.suse.com/1189547 https://bugzilla.suse.com/1190269 https://bugzilla.suse.com/1190274 From sle-updates at lists.suse.com Mon May 9 19:20:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2022 21:20:44 +0200 (CEST) Subject: SUSE-RU-2022:1579-1: important: Recommended update for MozillaFirefox Message-ID: <20220509192044.3BB54FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1579-1 Rating: important References: #1198970 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR MFSA 2022-17 (bsc#1198970) * CVE-2022-29914: Fullscreen notification bypass using popups * CVE-2022-29909: Bypassing permission prompt in nested browsing contexts * CVE-2022-29916: Leaking browser history with CSS variables * CVE-2022-29911: iframe Sandbox bypass * CVE-2022-29912: Reader mode bypassed SameSite cookies * CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1579=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1579=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1579=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1579=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1579=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1579=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1579=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1579=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1579=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1579=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1579=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1579=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1579=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-branding-upstream-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-branding-upstream-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.9.0-150200.152.33.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.9.0-150200.152.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.9.0-150200.152.33.1 MozillaFirefox-debuginfo-91.9.0-150200.152.33.1 MozillaFirefox-debugsource-91.9.0-150200.152.33.1 MozillaFirefox-devel-91.9.0-150200.152.33.1 MozillaFirefox-translations-common-91.9.0-150200.152.33.1 MozillaFirefox-translations-other-91.9.0-150200.152.33.1 References: https://www.suse.com/security/cve/CVE-2022-29909.html https://www.suse.com/security/cve/CVE-2022-29911.html https://www.suse.com/security/cve/CVE-2022-29912.html https://www.suse.com/security/cve/CVE-2022-29914.html https://www.suse.com/security/cve/CVE-2022-29916.html https://www.suse.com/security/cve/CVE-2022-29917.html https://bugzilla.suse.com/1198970 From sle-updates at lists.suse.com Mon May 9 22:18:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 00:18:34 +0200 (CEST) Subject: SUSE-SU-2022:1580-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5) Message-ID: <20220509221834.716DEFDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1580-1 Rating: important References: #1195950 Cross-References: CVE-2022-0330 CVSS scores: CVE-2022-0330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-122_106 fixes one issue. The following security issue was fixed: - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1584=1 SUSE-SLE-Live-Patching-12-SP5-2022-1585=1 SUSE-SLE-Live-Patching-12-SP5-2022-1586=1 SUSE-SLE-Live-Patching-12-SP5-2022-1587=1 SUSE-SLE-Live-Patching-12-SP5-2022-1588=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1578=1 SUSE-SLE-Live-Patching-12-SP4-2022-1580=1 SUSE-SLE-Live-Patching-12-SP4-2022-1581=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-8-2.1 kgraft-patch-4_12_14-122_106-default-6-2.1 kgraft-patch-4_12_14-122_77-default-14-2.1 kgraft-patch-4_12_14-122_91-default-10-2.1 kgraft-patch-4_12_14-122_98-default-8-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_77-default-15-2.1 kgraft-patch-4_12_14-95_80-default-13-2.1 kgraft-patch-4_12_14-95_83-default-8-2.1 References: https://www.suse.com/security/cve/CVE-2022-0330.html https://bugzilla.suse.com/1195950 From sle-updates at lists.suse.com Tue May 10 07:17:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 09:17:06 +0200 (CEST) Subject: SUSE-SU-2022:1591-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP2) Message-ID: <20220510071706.4B9D2F7B4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1591-1 Rating: important References: #1195950 #1198133 Cross-References: CVE-2022-0330 CVE-2022-1158 CVSS scores: CVE-2022-0330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_64 fixes several issues. The following security issues were fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133) - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1591=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_64-default-16-150200.2.1 kernel-livepatch-5_3_18-24_64-default-debuginfo-16-150200.2.1 kernel-livepatch-SLE15-SP2_Update_13-debugsource-16-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-1158.html https://bugzilla.suse.com/1195950 https://bugzilla.suse.com/1198133 From sle-updates at lists.suse.com Tue May 10 07:17:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 09:17:49 +0200 (CEST) Subject: SUSE-OU-2022:1594-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220510071749.C20AFF7B4@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1594-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: stoken Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1594=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1594=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1594=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1594=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1594=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1594=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libstoken1-0.81-150000.3.2.1 libstoken1-debuginfo-0.81-150000.3.2.1 stoken-0.81-150000.3.2.1 stoken-debuginfo-0.81-150000.3.2.1 stoken-debugsource-0.81-150000.3.2.1 stoken-devel-0.81-150000.3.2.1 stoken-gui-0.81-150000.3.2.1 stoken-gui-debuginfo-0.81-150000.3.2.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libstoken1-0.81-150000.3.2.1 libstoken1-debuginfo-0.81-150000.3.2.1 stoken-0.81-150000.3.2.1 stoken-debuginfo-0.81-150000.3.2.1 stoken-debugsource-0.81-150000.3.2.1 stoken-devel-0.81-150000.3.2.1 stoken-gui-0.81-150000.3.2.1 stoken-gui-debuginfo-0.81-150000.3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libstoken1-0.81-150000.3.2.1 libstoken1-debuginfo-0.81-150000.3.2.1 stoken-debuginfo-0.81-150000.3.2.1 stoken-debugsource-0.81-150000.3.2.1 stoken-devel-0.81-150000.3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libstoken1-0.81-150000.3.2.1 libstoken1-debuginfo-0.81-150000.3.2.1 stoken-debuginfo-0.81-150000.3.2.1 stoken-debugsource-0.81-150000.3.2.1 stoken-devel-0.81-150000.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): libstoken1-0.81-150000.3.2.1 libstoken1-debuginfo-0.81-150000.3.2.1 stoken-debuginfo-0.81-150000.3.2.1 stoken-debugsource-0.81-150000.3.2.1 stoken-devel-0.81-150000.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): libstoken1-0.81-150000.3.2.1 libstoken1-debuginfo-0.81-150000.3.2.1 stoken-debuginfo-0.81-150000.3.2.1 stoken-debugsource-0.81-150000.3.2.1 stoken-devel-0.81-150000.3.2.1 stoken-gui-0.81-150000.3.2.1 References: From sle-updates at lists.suse.com Tue May 10 07:18:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 09:18:24 +0200 (CEST) Subject: SUSE-RU-2022:1595-1: important: Recommended update for libnss_nis Message-ID: <20220510071824.7BF66F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libnss_nis ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1595-1 Rating: important References: #1197768 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libnss_nis fixes the following issues: - Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197768) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1595=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1595=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1595=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1595=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1595=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libnss_nis-debugsource-3.0-150000.3.3.1 libnss_nis2-3.0-150000.3.3.1 libnss_nis2-debuginfo-3.0-150000.3.3.1 - openSUSE Leap 15.4 (x86_64): libnss_nis2-32bit-3.0-150000.3.3.1 libnss_nis2-32bit-debuginfo-3.0-150000.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libnss_nis-debugsource-3.0-150000.3.3.1 libnss_nis2-3.0-150000.3.3.1 libnss_nis2-debuginfo-3.0-150000.3.3.1 - openSUSE Leap 15.3 (x86_64): libnss_nis2-32bit-3.0-150000.3.3.1 libnss_nis2-32bit-debuginfo-3.0-150000.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libnss_nis-debugsource-3.0-150000.3.3.1 libnss_nis2-3.0-150000.3.3.1 libnss_nis2-32bit-3.0-150000.3.3.1 libnss_nis2-32bit-debuginfo-3.0-150000.3.3.1 libnss_nis2-debuginfo-3.0-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libnss_nis-debugsource-3.0-150000.3.3.1 libnss_nis2-3.0-150000.3.3.1 libnss_nis2-debuginfo-3.0-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libnss_nis2-32bit-3.0-150000.3.3.1 libnss_nis2-32bit-debuginfo-3.0-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libnss_nis-debugsource-3.0-150000.3.3.1 libnss_nis2-3.0-150000.3.3.1 libnss_nis2-debuginfo-3.0-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libnss_nis2-32bit-3.0-150000.3.3.1 libnss_nis2-32bit-debuginfo-3.0-150000.3.3.1 References: https://bugzilla.suse.com/1197768 From sle-updates at lists.suse.com Tue May 10 07:19:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 09:19:07 +0200 (CEST) Subject: SUSE-SU-2022:1593-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) Message-ID: <20220510071907.BA161F7B4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1593-1 Rating: important References: #1195951 #1197344 Cross-References: CVE-2022-1011 CVE-2022-22942 CVSS scores: CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_111 fixes several issues. The following security issues were fixed: - CVE-2022-1011: A use-after-free flaw was found in the FUSE filesystem in the way a user triggers write(). This flaw allowed a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (bsc#1197344) - - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195951) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1593=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_111-default-2-150100.2.1 References: https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-22942.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Tue May 10 13:17:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 15:17:25 +0200 (CEST) Subject: SUSE-SU-2022:1598-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15) Message-ID: <20220510131725.5B07AFDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1598-1 Rating: important References: #1197211 #1197344 Cross-References: CVE-2021-39713 CVE-2022-1011 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150000_150_89 fixes several issues. The following security issues were fixed: - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bsc#1197211) - CVE-2022-1011: A use-after-free flaw was found in the FUSE filesystem in the way a user triggers write(). This flaw allowed a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (bsc#1197344) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1609=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1598=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_89-default-2-150000.2.1 kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-2-150000.2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_96-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2022-1011.html https://bugzilla.suse.com/1197211 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Tue May 10 16:17:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 18:17:47 +0200 (CEST) Subject: SUSE-SU-2022:1617-1: important: Security update for gzip Message-ID: <20220510161747.53A5AFDFC@maintenance.suse.de> SUSE Security Update: Security update for gzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1617-1 Rating: important References: #1198062 #1198922 Cross-References: CVE-2022-1271 CVSS scores: CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1617=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1617=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1617=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1617=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1617=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1617=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1617=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1617=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1617=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1617=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1617=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1617=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1617=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1617=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1617=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1617=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1617=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Manager Proxy 4.1 (x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): gzip-1.10-150200.10.1 gzip-debuginfo-1.10-150200.10.1 gzip-debugsource-1.10-150200.10.1 References: https://www.suse.com/security/cve/CVE-2022-1271.html https://bugzilla.suse.com/1198062 https://bugzilla.suse.com/1198922 From sle-updates at lists.suse.com Tue May 10 16:18:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 18:18:34 +0200 (CEST) Subject: SUSE-SU-2022:1611-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP5) Message-ID: <20220510161834.CF519FDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1611-1 Rating: important References: #1197344 Cross-References: CVE-2022-1011 CVSS scores: CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-122_116 fixes one issue. The following security issue was fixed: - CVE-2022-1011: A use-after-free flaw was found in the FUSE filesystem in the way a user triggers write(). This flaw allowed a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (bsc#1197344) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1611=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_116-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2022-1011.html https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Tue May 10 19:17:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 21:17:09 +0200 (CEST) Subject: SUSE-RU-2022:1625-1: moderate: Recommended update for python-python3-saml Message-ID: <20220510191709.2B735FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-python3-saml ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1625-1 Rating: moderate References: #1197846 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-python3-saml fixes the following issues: - Update expiry dates for responses. (bsc#1197846) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1625=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1625=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1625=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1625=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1625=1 Package List: - openSUSE Leap 15.4 (noarch): python2-python3-saml-1.7.0-150200.3.3.2 python3-python3-saml-1.7.0-150200.3.3.2 - openSUSE Leap 15.3 (noarch): python2-python3-saml-1.7.0-150200.3.3.2 python3-python3-saml-1.7.0-150200.3.3.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): python3-python3-saml-1.7.0-150200.3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-python3-saml-1.7.0-150200.3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-python3-saml-1.7.0-150200.3.3.2 References: https://bugzilla.suse.com/1197846 From sle-updates at lists.suse.com Tue May 10 19:17:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 21:17:43 +0200 (CEST) Subject: SUSE-SU-2022:1634-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2) Message-ID: <20220510191743.4E4F1FDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1634-1 Rating: important References: #1196959 #1197344 #1198133 Cross-References: CVE-2021-39698 CVE-2022-1011 CVE-2022-1158 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_112 fixes several issues. The following security issues were fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133) - CVE-2022-1011: A use-after-free flaw was found in the FUSE filesystem in the way a user triggers write(). This flaw allowed a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (bsc#1197344) - - CVE-2021-39698: In aio_poll_complete_work of aio.c, there was a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1196959) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1634=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_112-default-2-150200.2.1 kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-2-150200.2.1 kernel-livepatch-SLE15-SP2_Update_26-debugsource-2-150200.2.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1158.html https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1197344 https://bugzilla.suse.com/1198133 From sle-updates at lists.suse.com Tue May 10 19:18:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 21:18:34 +0200 (CEST) Subject: SUSE-RU-2022:1627-1: moderate: Recommended update for cluster-glue Message-ID: <20220510191834.D1FD8FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1627-1 Rating: moderate References: #1197681 SLE-23490 SLE-23491 SLE-23492 SLE-23494 Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix and contains four features can now be installed. Description: This update for cluster-glue fixes the following issues: - Fix for comment in external ec2 (bsc#1197681) - Support IMDSv2 in EC2 stonith agent. (jsc#SLE-23490, jsc#SLE-23491, jsc#SLE-23492, jsc#SLE-23494) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1627=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1627=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1627=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1627=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1627=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-1627=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 - openSUSE Leap 15.4 (x86_64): libglue-devel-32bit-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-32bit-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-32bit-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-32bit-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 - openSUSE Leap 15.3 (x86_64): libglue-devel-32bit-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-32bit-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-32bit-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-32bit-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 cluster-glue-debugsource-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue-devel-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 libglue2-debuginfo-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 References: https://bugzilla.suse.com/1197681 From sle-updates at lists.suse.com Tue May 10 19:19:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 21:19:17 +0200 (CEST) Subject: SUSE-SU-2022:1629-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP2) Message-ID: <20220510191917.A8A08FDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1629-1 Rating: important References: #1198133 Cross-References: CVE-2022-1158 CVSS scores: CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 5.3.18-24_102 fixes one issue. The following security issue was fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1629=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1630=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_102-default-6-150200.2.1 kernel-livepatch-5_3_18-24_102-default-debuginfo-6-150200.2.1 kernel-livepatch-5_3_18-24_107-default-5-150200.2.1 kernel-livepatch-5_3_18-24_107-default-debuginfo-5-150200.2.1 kernel-livepatch-SLE15-SP2_Update_24-debugsource-6-150200.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64): kernel-livepatch-SLE15-SP2_Update_25-debugsource-5-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-1158.html https://bugzilla.suse.com/1198133 From sle-updates at lists.suse.com Tue May 10 19:19:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 21:19:57 +0200 (CEST) Subject: SUSE-RU-2022:1624-1: moderate: Recommended update for cluster-glue Message-ID: <20220510191957.DCD67FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1624-1 Rating: moderate References: #1197681 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cluster-glue fixes the following issues: - Fix for comment in external ec2 (bsc#1197681) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1624=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-1624=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-1624=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-1624=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cluster-glue-debuginfo-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 cluster-glue-debugsource-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 libglue-devel-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 libglue-devel-debuginfo-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 cluster-glue-debuginfo-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 cluster-glue-debugsource-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 libglue2-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 libglue2-debuginfo-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 cluster-glue-debuginfo-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 cluster-glue-debugsource-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 libglue2-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 libglue2-debuginfo-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-glue-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 cluster-glue-debuginfo-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 cluster-glue-debugsource-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 libglue2-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 libglue2-debuginfo-1.0.12+v1.git.1485976882.03d61cd1-3.17.1 References: https://bugzilla.suse.com/1197681 From sle-updates at lists.suse.com Tue May 10 19:20:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 21:20:36 +0200 (CEST) Subject: SUSE-RU-2022:1626-1: moderate: Recommended update for systemd Message-ID: <20220510192036.27729FDFC@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1626-1 Rating: moderate References: #1198090 #1198114 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1626=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1626=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1626=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1626=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1626=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libudev-devel-246.16-150300.7.45.1 nss-mymachines-246.16-150300.7.45.1 nss-mymachines-debuginfo-246.16-150300.7.45.1 nss-resolve-246.16-150300.7.45.1 nss-resolve-debuginfo-246.16-150300.7.45.1 systemd-logger-246.16-150300.7.45.1 - openSUSE Leap 15.4 (x86_64): libudev-devel-32bit-246.16-150300.7.45.1 nss-mymachines-32bit-246.16-150300.7.45.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.45.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.45.1 libsystemd0-debuginfo-246.16-150300.7.45.1 libudev-devel-246.16-150300.7.45.1 libudev1-246.16-150300.7.45.1 libudev1-debuginfo-246.16-150300.7.45.1 nss-myhostname-246.16-150300.7.45.1 nss-myhostname-debuginfo-246.16-150300.7.45.1 nss-mymachines-246.16-150300.7.45.1 nss-mymachines-debuginfo-246.16-150300.7.45.1 nss-resolve-246.16-150300.7.45.1 nss-resolve-debuginfo-246.16-150300.7.45.1 nss-systemd-246.16-150300.7.45.1 nss-systemd-debuginfo-246.16-150300.7.45.1 systemd-246.16-150300.7.45.1 systemd-container-246.16-150300.7.45.1 systemd-container-debuginfo-246.16-150300.7.45.1 systemd-coredump-246.16-150300.7.45.1 systemd-coredump-debuginfo-246.16-150300.7.45.1 systemd-debuginfo-246.16-150300.7.45.1 systemd-debugsource-246.16-150300.7.45.1 systemd-devel-246.16-150300.7.45.1 systemd-doc-246.16-150300.7.45.1 systemd-journal-remote-246.16-150300.7.45.1 systemd-journal-remote-debuginfo-246.16-150300.7.45.1 systemd-logger-246.16-150300.7.45.1 systemd-network-246.16-150300.7.45.1 systemd-network-debuginfo-246.16-150300.7.45.1 systemd-sysvinit-246.16-150300.7.45.1 udev-246.16-150300.7.45.1 udev-debuginfo-246.16-150300.7.45.1 - openSUSE Leap 15.3 (noarch): systemd-lang-246.16-150300.7.45.1 - openSUSE Leap 15.3 (x86_64): libsystemd0-32bit-246.16-150300.7.45.1 libsystemd0-32bit-debuginfo-246.16-150300.7.45.1 libudev-devel-32bit-246.16-150300.7.45.1 libudev1-32bit-246.16-150300.7.45.1 libudev1-32bit-debuginfo-246.16-150300.7.45.1 nss-myhostname-32bit-246.16-150300.7.45.1 nss-myhostname-32bit-debuginfo-246.16-150300.7.45.1 nss-mymachines-32bit-246.16-150300.7.45.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.45.1 systemd-32bit-246.16-150300.7.45.1 systemd-32bit-debuginfo-246.16-150300.7.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.45.1 libsystemd0-debuginfo-246.16-150300.7.45.1 libudev-devel-246.16-150300.7.45.1 libudev1-246.16-150300.7.45.1 libudev1-debuginfo-246.16-150300.7.45.1 systemd-246.16-150300.7.45.1 systemd-container-246.16-150300.7.45.1 systemd-container-debuginfo-246.16-150300.7.45.1 systemd-coredump-246.16-150300.7.45.1 systemd-coredump-debuginfo-246.16-150300.7.45.1 systemd-debuginfo-246.16-150300.7.45.1 systemd-debugsource-246.16-150300.7.45.1 systemd-devel-246.16-150300.7.45.1 systemd-doc-246.16-150300.7.45.1 systemd-journal-remote-246.16-150300.7.45.1 systemd-journal-remote-debuginfo-246.16-150300.7.45.1 systemd-sysvinit-246.16-150300.7.45.1 udev-246.16-150300.7.45.1 udev-debuginfo-246.16-150300.7.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-150300.7.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-150300.7.45.1 libsystemd0-32bit-debuginfo-246.16-150300.7.45.1 libudev1-32bit-246.16-150300.7.45.1 libudev1-32bit-debuginfo-246.16-150300.7.45.1 systemd-32bit-246.16-150300.7.45.1 systemd-32bit-debuginfo-246.16-150300.7.45.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.45.1 libsystemd0-debuginfo-246.16-150300.7.45.1 libudev1-246.16-150300.7.45.1 libudev1-debuginfo-246.16-150300.7.45.1 systemd-246.16-150300.7.45.1 systemd-container-246.16-150300.7.45.1 systemd-container-debuginfo-246.16-150300.7.45.1 systemd-debuginfo-246.16-150300.7.45.1 systemd-debugsource-246.16-150300.7.45.1 systemd-journal-remote-246.16-150300.7.45.1 systemd-journal-remote-debuginfo-246.16-150300.7.45.1 systemd-sysvinit-246.16-150300.7.45.1 udev-246.16-150300.7.45.1 udev-debuginfo-246.16-150300.7.45.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.45.1 libsystemd0-debuginfo-246.16-150300.7.45.1 libudev1-246.16-150300.7.45.1 libudev1-debuginfo-246.16-150300.7.45.1 systemd-246.16-150300.7.45.1 systemd-container-246.16-150300.7.45.1 systemd-container-debuginfo-246.16-150300.7.45.1 systemd-debuginfo-246.16-150300.7.45.1 systemd-debugsource-246.16-150300.7.45.1 systemd-journal-remote-246.16-150300.7.45.1 systemd-journal-remote-debuginfo-246.16-150300.7.45.1 systemd-sysvinit-246.16-150300.7.45.1 udev-246.16-150300.7.45.1 udev-debuginfo-246.16-150300.7.45.1 References: https://bugzilla.suse.com/1198090 https://bugzilla.suse.com/1198114 From sle-updates at lists.suse.com Tue May 10 19:21:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2022 21:21:32 +0200 (CEST) Subject: SUSE-SU-2022:1605-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2) Message-ID: <20220510192132.5880CFDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1605-1 Rating: important References: #1195950 #1198133 Cross-References: CVE-2022-0330 CVE-2022-1158 CVSS scores: CVE-2022-0330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_53_4 fixes several issues. The following security issues were fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133) - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1601=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1614=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1620=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1621=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1623=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1631=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1632=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1633=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1635=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1603=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1604=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1605=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1610=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1612=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1615=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1618=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1619=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1622=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-57-default-16-150200.3.1 kernel-livepatch-5_3_18-57-default-debuginfo-16-150200.3.1 kernel-livepatch-5_3_18-59_10-default-14-150300.2.1 kernel-livepatch-5_3_18-59_10-default-debuginfo-14-150300.2.1 kernel-livepatch-5_3_18-59_13-default-14-150300.2.1 kernel-livepatch-5_3_18-59_13-default-debuginfo-14-150300.2.1 kernel-livepatch-5_3_18-59_16-default-13-150300.2.1 kernel-livepatch-5_3_18-59_16-default-debuginfo-13-150300.2.1 kernel-livepatch-5_3_18-59_19-default-12-150300.2.1 kernel-livepatch-5_3_18-59_19-default-debuginfo-12-150300.2.1 kernel-livepatch-5_3_18-59_24-default-10-150300.2.1 kernel-livepatch-5_3_18-59_24-default-debuginfo-10-150300.2.1 kernel-livepatch-5_3_18-59_27-default-10-150300.2.1 kernel-livepatch-5_3_18-59_27-default-debuginfo-10-150300.2.1 kernel-livepatch-5_3_18-59_34-default-9-150300.2.1 kernel-livepatch-5_3_18-59_34-default-debuginfo-9-150300.2.1 kernel-livepatch-5_3_18-59_5-default-14-150300.2.1 kernel-livepatch-5_3_18-59_5-default-debuginfo-14-150300.2.1 kernel-livepatch-SLE15-SP3_Update_0-debugsource-16-150200.3.1 kernel-livepatch-SLE15-SP3_Update_1-debugsource-14-150300.2.1 kernel-livepatch-SLE15-SP3_Update_2-debugsource-14-150300.2.1 kernel-livepatch-SLE15-SP3_Update_3-debugsource-14-150300.2.1 kernel-livepatch-SLE15-SP3_Update_4-debugsource-13-150300.2.1 kernel-livepatch-SLE15-SP3_Update_5-debugsource-12-150300.2.1 kernel-livepatch-SLE15-SP3_Update_6-debugsource-10-150300.2.1 kernel-livepatch-SLE15-SP3_Update_7-debugsource-10-150300.2.1 kernel-livepatch-SLE15-SP3_Update_9-debugsource-9-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_53_4-default-14-150200.2.1 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-14-150200.2.1 kernel-livepatch-5_3_18-24_67-default-14-150200.2.1 kernel-livepatch-5_3_18-24_67-default-debuginfo-14-150200.2.1 kernel-livepatch-5_3_18-24_70-default-14-150200.2.1 kernel-livepatch-5_3_18-24_70-default-debuginfo-14-150200.2.1 kernel-livepatch-5_3_18-24_75-default-13-150200.2.1 kernel-livepatch-5_3_18-24_75-default-debuginfo-13-150200.2.1 kernel-livepatch-5_3_18-24_78-default-12-150200.2.1 kernel-livepatch-5_3_18-24_78-default-debuginfo-12-150200.2.1 kernel-livepatch-5_3_18-24_83-default-10-150200.2.1 kernel-livepatch-5_3_18-24_83-default-debuginfo-10-150200.2.1 kernel-livepatch-5_3_18-24_86-default-10-150200.2.1 kernel-livepatch-5_3_18-24_86-default-debuginfo-10-150200.2.1 kernel-livepatch-5_3_18-24_93-default-9-150200.2.1 kernel-livepatch-5_3_18-24_93-default-debuginfo-9-150200.2.1 kernel-livepatch-5_3_18-24_96-default-8-150200.2.1 kernel-livepatch-5_3_18-24_96-default-debuginfo-8-150200.2.1 kernel-livepatch-SLE15-SP2_Update_14-debugsource-14-150200.2.1 kernel-livepatch-SLE15-SP2_Update_15-debugsource-14-150200.2.1 kernel-livepatch-SLE15-SP2_Update_16-debugsource-14-150200.2.1 kernel-livepatch-SLE15-SP2_Update_17-debugsource-13-150200.2.1 kernel-livepatch-SLE15-SP2_Update_18-debugsource-12-150200.2.1 kernel-livepatch-SLE15-SP2_Update_19-debugsource-10-150200.2.1 kernel-livepatch-SLE15-SP2_Update_20-debugsource-10-150200.2.1 kernel-livepatch-SLE15-SP2_Update_21-debugsource-9-150200.2.1 kernel-livepatch-SLE15-SP2_Update_22-debugsource-8-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-1158.html https://bugzilla.suse.com/1195950 https://bugzilla.suse.com/1198133 From sle-updates at lists.suse.com Tue May 10 22:18:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 00:18:40 +0200 (CEST) Subject: SUSE-SU-2022:1589-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) Message-ID: <20220510221840.B29F5FDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1589-1 Rating: important References: #1195950 Cross-References: CVE-2022-0330 CVSS scores: CVE-2022-0330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-197_102 fixes one issue. The following security issue was fixed: - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1589=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1590=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1592=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1602=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1608=1 SUSE-SLE-Module-Live-Patching-15-2022-1613=1 SUSE-SLE-Module-Live-Patching-15-2022-1636=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1596=1 SUSE-SLE-Live-Patching-12-SP5-2022-1599=1 SUSE-SLE-Live-Patching-12-SP5-2022-1600=1 SUSE-SLE-Live-Patching-12-SP5-2022-1607=1 SUSE-SLE-Live-Patching-12-SP5-2022-1628=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1606=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_102-default-8-150100.2.1 kernel-livepatch-4_12_14-197_89-default-16-150100.2.1 kernel-livepatch-4_12_14-197_92-default-15-150100.2.1 kernel-livepatch-4_12_14-197_99-default-13-150100.2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_72-default-16-150000.2.1 kernel-livepatch-4_12_14-150_72-default-debuginfo-16-150000.2.1 kernel-livepatch-4_12_14-150_75-default-13-150000.2.1 kernel-livepatch-4_12_14-150_75-default-debuginfo-13-150000.2.1 kernel-livepatch-4_12_14-150_78-default-8-150000.2.1 kernel-livepatch-4_12_14-150_78-default-debuginfo-8-150000.2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_71-default-16-2.1 kgraft-patch-4_12_14-122_74-default-14-2.1 kgraft-patch-4_12_14-122_80-default-13-2.1 kgraft-patch-4_12_14-122_83-default-12-2.1 kgraft-patch-4_12_14-122_88-default-10-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_74-default-16-2.1 References: https://www.suse.com/security/cve/CVE-2022-0330.html https://bugzilla.suse.com/1195950 From sle-updates at lists.suse.com Wed May 11 07:35:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:35:56 +0200 (CEST) Subject: SUSE-CU-2022:952-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220511073556.46599F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:952-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-19.9 , bci/dotnet-aspnet:3.1.24 , bci/dotnet-aspnet:3.1.24-19.9 Container Release : 19.9 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 07:37:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:37:35 +0200 (CEST) Subject: SUSE-CU-2022:953-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220511073735.5EE9BF790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:953-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-15.46 , bci/dotnet-aspnet:5.0.16 , bci/dotnet-aspnet:5.0.16-15.46 Container Release : 15.46 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 07:39:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:39:38 +0200 (CEST) Subject: SUSE-CU-2022:954-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220511073938.C4A6AF790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:954-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-17.9 , bci/dotnet-aspnet:6.0.4 , bci/dotnet-aspnet:6.0.4-17.9 , bci/dotnet-aspnet:latest Container Release : 17.9 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 07:41:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:41:42 +0200 (CEST) Subject: SUSE-CU-2022:955-1: Recommended update of bci/dotnet-sdk Message-ID: <20220511074142.5CDE0F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:955-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-25.9 , bci/dotnet-sdk:3.1.24 , bci/dotnet-sdk:3.1.24-25.9 Container Release : 25.9 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 07:43:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:43:39 +0200 (CEST) Subject: SUSE-CU-2022:956-1: Recommended update of bci/dotnet-sdk Message-ID: <20220511074339.3A2C9F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:956-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-23.47 , bci/dotnet-sdk:5.0.16 , bci/dotnet-sdk:5.0.16-23.47 Container Release : 23.47 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 07:45:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:45:38 +0200 (CEST) Subject: SUSE-CU-2022:957-1: Recommended update of bci/dotnet-sdk Message-ID: <20220511074538.1AE70F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:957-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-15.9 , bci/dotnet-sdk:6.0.4 , bci/dotnet-sdk:6.0.4-15.9 , bci/dotnet-sdk:latest Container Release : 15.9 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 07:47:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:47:21 +0200 (CEST) Subject: SUSE-CU-2022:958-1: Recommended update of bci/dotnet-runtime Message-ID: <20220511074721.0C02FF790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:958-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-27.9 , bci/dotnet-runtime:3.1.24 , bci/dotnet-runtime:3.1.24-27.9 Container Release : 27.9 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 07:49:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:49:12 +0200 (CEST) Subject: SUSE-CU-2022:959-1: Recommended update of bci/dotnet-runtime Message-ID: <20220511074912.12060F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:959-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-22.46 , bci/dotnet-runtime:5.0.16 , bci/dotnet-runtime:5.0.16-22.46 Container Release : 22.46 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 07:51:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:51:09 +0200 (CEST) Subject: SUSE-CU-2022:960-1: Recommended update of bci/dotnet-runtime Message-ID: <20220511075109.A71AFF790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:960-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-16.9 , bci/dotnet-runtime:6.0.4 , bci/dotnet-runtime:6.0.4-16.9 , bci/dotnet-runtime:latest Container Release : 16.9 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 07:55:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 09:55:47 +0200 (CEST) Subject: SUSE-CU-2022:961-1: Security update of bci/bci-init Message-ID: <20220511075547.42AAAF790@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:961-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.14.12 , bci/bci-init:latest Container Release : 14.12 Severity : important Type : security References : 1198062 1198090 1198114 1198922 CVE-2022-1271 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - gzip-1.10-150200.10.1 updated - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - systemd-246.16-150300.7.45.1 updated - udev-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 08:02:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:02:41 +0200 (CEST) Subject: SUSE-CU-2022:963-1: Recommended update of bci/nodejs Message-ID: <20220511080241.5F2CDF790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:963-1 Container Tags : bci/node:12 , bci/node:12-16.13 , bci/nodejs:12 , bci/nodejs:12-16.13 Container Release : 16.13 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 08:06:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:06:30 +0200 (CEST) Subject: SUSE-CU-2022:964-1: Recommended update of bci/nodejs Message-ID: <20220511080630.DC643F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:964-1 Container Tags : bci/node:14 , bci/node:14-19.11 , bci/nodejs:14 , bci/nodejs:14-19.11 Container Release : 19.11 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 08:09:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:09:23 +0200 (CEST) Subject: SUSE-CU-2022:965-1: Recommended update of bci/nodejs Message-ID: <20220511080923.6EFFBF790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:965-1 Container Tags : bci/node:16 , bci/node:16-7.13 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-7.13 , bci/nodejs:latest Container Release : 7.13 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 08:16:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:16:16 +0200 (CEST) Subject: SUSE-CU-2022:966-1: Recommended update of bci/openjdk-devel Message-ID: <20220511081616.360CBF790@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:966-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-17.27 , bci/openjdk-devel:latest Container Release : 17.27 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - container:openjdk-11-image-15.3.0-17.13 updated From sle-updates at lists.suse.com Wed May 11 08:21:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:21:41 +0200 (CEST) Subject: SUSE-CU-2022:967-1: Security update of bci/openjdk Message-ID: <20220511082141.C13FBF790@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:967-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-17.13 , bci/openjdk:latest Container Release : 17.13 Severity : moderate Type : security References : 1094832 1146299 1184123 1198090 1198114 974847 CVE-2016-3977 CVE-2018-11490 CVE-2019-15133 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1565-1 Released: Fri May 6 17:09:36 2022 Summary: Security update for giflib Type: security Severity: moderate References: 1094832,1146299,1184123,974847,CVE-2016-3977,CVE-2018-11490,CVE-2019-15133 This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are couraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformmation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMlified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running 'make' from the top-level directory. The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libgif7-5.2.1-150000.4.8.1 updated - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 08:25:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:25:03 +0200 (CEST) Subject: SUSE-CU-2022:968-1: Recommended update of bci/python Message-ID: <20220511082503.39B47F790@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:968-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-15.11 Container Release : 15.11 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 08:27:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:27:59 +0200 (CEST) Subject: SUSE-CU-2022:969-1: Security update of bci/python Message-ID: <20220511082759.4F3B0F790@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:969-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-17.3 , bci/python:latest Container Release : 17.3 Severity : important Type : security References : 1181400 1186819 1189241 1189287 1189356 1193179 1198090 1198114 1198234 CVE-2021-3572 CVE-2021-3733 CVE-2021-3737 CVE-2022-24765 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1485-1 Released: Mon May 2 16:47:41 2022 Summary: Security update for python39 Type: security Severity: moderate References: 1186819,1189241,1189287,1189356,1193179,CVE-2021-3572,CVE-2021-3733,CVE-2021-3737 This update for python39 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). - Update to 3.9.10 (jsc#SLE-23849) - Remove shebangs from from python-base libraries in _libdir. (bsc#1193179) - Update to 3.9.9: * Core and Builtins + bpo-30570: Fixed a crash in issubclass() from infinite recursion when searching pathological __bases__ tuples. + bpo-45494: Fix parser crash when reporting errors involving invalid continuation characters. Patch by Pablo Galindo. + bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na. + bpo-45167: Fix deepcopying of types.GenericAlias objects. + bpo-44219: Release the GIL while performing isatty system calls on arbitrary file descriptors. In particular, this affects os.isatty(), os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode is also affected. This change solves a deadlock in os.isatty(). Patch by Vincent Michel in bpo-44219. + bpo-44959: Added fallback to extension modules with '.sl' suffix on HP-UX + bpo-44050: Extensions that indicate they use global state (by setting m_size to -1) can again be used in multiple interpreters. This reverts to behavior of Python 3.8. + bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when it's called directly or via super(). Patch provided by Yurii Karabas. + bpo-45083: When the interpreter renders an exception, its name now has a complete qualname. Previously only the class name was concatenated to the module name, which sometimes resulted in an incorrect full name being displayed. + bpo-45738: Fix computation of error location for invalid continuation characters in the parser. Patch by Pablo Galindo. + Library + bpo-45678: Fix bug in Python 3.9 that meant functools.singledispatchmethod failed to properly wrap the attributes of the target method. Patch by Alex Waygood. + bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] is no longer equal to Literal[1, 2]. + bpo-45438: Fix typing.Signature string representation for generic builtin types. + bpo-45581: sqlite3.connect() now correctly raises MemoryError if the underlying SQLite API signals memory error. Patch by Erlend E. Aasland. + bpo-39679: Fix bug in functools.singledispatchmethod that caused it to fail when attempting to register a classmethod() or staticmethod() using type annotations. Patch contributed by Alex Waygood. + bpo-45515: Add references to zoneinfo in the datetime documentation, mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle. + bpo-45467: Fix incremental decoder and stream reader in the 'raw-unicode-escape' codec. Previously they failed if the escape sequence was split. + bpo-45461: Fix incremental decoder and stream reader in the 'unicode-escape' codec. Previously they failed if the escape sequence was split. + bpo-45239: Fixed email.utils.parsedate_tz() crashing with UnboundLocalError on certain invalid input instead of returning None. Patch by Ben Hoyt. + bpo-44904: Fix bug in the doctest module that caused it to fail if a docstring included an example with a classmethod property. Patch by Alex Waygood. + bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by :'func:inspect.getabsfile, and return None to indicate that the module could not be determined. + bpo-45262: Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop + bpo-45386: Make xmlrpc.client more robust to C runtimes where the underlying C strftime function results in a ValueError when testing for year formatting options. + bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now uses correct clang option to add a runtime library directory (rpath) to a shared library. + bpo-20028: Improve error message of csv.Dialect when initializing. Patch by Vajrasky Kok and Dong-hee Na. + bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0 + bpo-41710: On Unix, if the sem_clockwait() function is available in the C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using the system clock (time.CLOCK_REALTIME), to not be affected by system clock changes. Patch by Victor Stinner. + bpo-45328: Fixed http.client.HTTPConnection to work properly in OSs that don't support the TCP_NODELAY socket option. + bpo-1596321: Fix the threading._shutdown() function when the threading module was imported first from a thread different than the main thread: no longer log an error at Python exit. + bpo-45274: Fix a race condition in the Thread.join() method of the threading module. If the function is interrupted by a signal and the signal handler raises an exception, make sure that the thread remains in a consistent state to prevent a deadlock. Patch by Victor Stinner. + bpo-45238: Fix unittest.IsolatedAsyncioTestCase.debug(): it runs now asynchronous methods and callbacks. + bpo-36674: unittest.TestCase.debug() raises now a unittest.SkipTest if the class or the test method are decorated with the skipping decorator. + bpo-45235: Fix an issue where argparse would not preserve values in a provided namespace when using a subparser with defaults. + bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError + bpo-45228: Fix stack buffer overflow in parsing J1939 network address. + bpo-45192: Fix the tempfile._infer_return_type function so that the dir argument of the tempfile functions accepts an object implementing the os.PathLike protocol. + bpo-45160: When tracing a tkinter variable used by a ttk OptionMenu, callbacks are no longer made twice. + bpo-35474: Calling mimetypes.guess_all_extensions() with strict=False no longer affects the result of the following call with strict=True. Also, mutating the returned list no longer affects the global state. + bpo-45166: typing.get_type_hints() now works with Final wrapped in ForwardRef. + bpo-45097: Remove deprecation warnings about the loop argument in asyncio incorrectly emitted in cases when the user does not pass the loop argument. + bpo-45081: Fix issue when dataclasses that inherit from typing.Protocol subclasses have wrong __init__. Patch provided by Yurii Karabas. + bpo-24444: Fixed an error raised in argparse help display when help for an option is set to 1+ blank spaces or when choices arg is an empty container. + bpo-45021: Fix a potential deadlock at shutdown of forked children when using concurrent.futures module + bpo-45030: Fix integer overflow in pickling and copying the range iterator. + bpo-39039: tarfile.open raises ReadError when a zlib error occurs during file extraction. + bpo-44594: Fix an edge case of ExitStack and AsyncExitStack exception chaining. They will now match with block behavior when __context__ is explicitly set to None when the exception is in flight. * Documentation + bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod. + bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood. + bpo-45655: Add a new 'relevant PEPs' section to the top of the documentation for the typing module. Patch by Alex Waygood. + bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs. + bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility. + bpo-45449: Add note about PEP 585 in collections.abc. + bpo-45516: Add protocol description to the importlib.abc.Traversable documentation. + bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal. + bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places. + bpo-45772: socket.socket documentation is corrected to a class from a function. + bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor. * Tests + bpo-45578: Add tests for dis.distb() + bpo-45577: Add subtests for all pickle protocols in test_zoneinfo. + bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS. + bpo-40173: Fix test.support.import_helper.import_fresh_module(). + bpo-45280: Add a test case for empty typing.NamedTuple. + bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder. + bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_process_termination + bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don't expect it in the output. Patch by Victor Stinner. + bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec(). + bpo-45042: Fixes that test classes decorated with @hashlib_helper.requires_hashdigest were skipped all the time. + bpo-45235: Reverted an argparse bugfix that caused regression in the handling of default arguments for subparsers. This prevented leaf level arguments from taking precedence over root level arguments. + bpo-45765: In importlib.metadata, fix distribution discovery for an empty path. + bpo-45644: In-place JSON file formatting using python3 -m json.tool infile infile now works correctly, previously it left the file empty. Patch by Chris Wesseling. * Build + bpo-43158: setup.py now uses values from configure script to build the _uuid extension module. Configure now detects util-linux's libuuid, too. + bpo-45571: Modules/Setup now use PY_CFLAGS_NODIST instead of PY_CFLAGS to compile shared modules. + bpo-45532: Update sys.version to use main as fallback information. Patch by Jeong YunWon. + bpo-45405: Prevent internal configure error when running configure with recent versions of non-Apple clang. Patch by David Bohman. + bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building. * C API + bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered. + bpo-44751: Remove crypt.h include from the public Python.h header. - rpm-build-python dependency is available on the current Factory, not with SLE. - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. - Update to 3.9.7: - Security - Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files. - Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - Core and Builtins - Fixed pickling of range iterators that iterated for over 2**32 times. - Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run - Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way. - Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo. - Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex. - Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo - Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END). - Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo. - Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain. - Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo. - Fix undefined behaviour in complex object exponentiation. - Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias. - Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo. - Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo - Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner. - Fix crash when using passing a non-exception to a generator's throw() method. Patch by Noah Oxer - Library - run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator. - Fix bugs in cleaning up classes and modules in unittest: - Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module. - Functions registered with addClassCleanup() were not called if tearDownClass is set to None. - Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup(). - Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes. - Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order. - And several lesser bugs. - Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. - Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner. - Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator. - argparse.BooleanOptionalAction's default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter. - Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0 - Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner. - The @functools.total_ordering() decorator now works with metaclasses. - sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland. - Always show loop= arg deprecations in asyncio.gather() and asyncio.sleep() - Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes. - The tokenize.tokenize() doesn't incorrectly generate a NEWLINE token if the source doesn't end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo - Fix http.client.HTTPSConnection fails to download >2GiB data. - rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method. - weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing. - The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__(). - Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan H?lzl. - Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong. - Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple. - Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected. - handle StopIteration subclass raised from @contextlib.contextmanager generator - Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na. - Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules. - Fix bug with pdb's handling of import error due to a package which does not have a __main__ module - Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage. - pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons. - Handle exceptions from parsing the arg of pdb's run/restart command. - The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland. - Improved string handling for sqlite3 user-defined functions and aggregates: - It is now possible to pass strings with embedded null characters to UDFs - Conversion failures now correctly raise MemoryError - Patch by Erlend E. Aasland. - Handle RecursionError in TracebackException's constructor, so that long exceptions chains are truncated instead of causing traceback formatting to fail. - Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding. - The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested. - Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038. - Fix test___all__ on platforms lacking a shared memory implementation. - Pass multiprocessing BaseProxy argument manager_owned through AutoProxy. - email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz. - lib2to3 now recognizes async generators everywhere. - Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile. - Documentation - Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place I've added links to the Python Wiki page on GUI frameworks. - Update the definition of __future__ in the glossary by replacing the confusing word 'pseudo-module' with a more accurate description. - Add typical examples to os.path.splitext docs - Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory. - Update of three expired hyperlinks in Doc/distributing/index.rst: 'Project structure', 'Building and packaging the project', and 'Uploading the project to the Python Packaging Index'. - Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg. - Match the docstring and python implementation of countOf() to the behavior of its c implementation. - List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation. - Clarify that atexit uses equality comparisons internally. - Documentation of csv.Dialect is more descriptive. - Fix documentation for the return type of sysconfig.get_path(). - Add a 'Security Considerations' index which links to standard library modules that have explicitly documented security considerations. - Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c, - Tests - Add calls of gc.collect() in tests to support PyPy. - Made tests relying on the _asyncio C extension module optional to allow running on alternative Python implementations. Patch by Serhiy Storchaka. - Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don't expect it in the output. - Add ability to wholesale silence DeprecationWarnings while running the regression test suite. - Notify users running test_decimal regression tests on macOS of potential harmless 'malloc can't allocate region' messages spewed by test_decimal. - Fixed floating point precision issue in turtle tests. - Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file. - Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy - Add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling - bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - git-core-2.35.3-150300.10.12.1 updated - libpython3_9-1_0-3.9.10-150300.4.8.1 updated - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - python39-base-3.9.10-150300.4.8.1 updated - python39-3.9.10-150300.4.8.2 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 08:32:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:32:39 +0200 (CEST) Subject: SUSE-CU-2022:970-1: Recommended update of bci/ruby Message-ID: <20220511083239.74749F790@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:970-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-18.3 , bci/ruby:latest Container Release : 18.3 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Wed May 11 08:44:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:44:50 +0200 (CEST) Subject: SUSE-CU-2022:971-1: Recommended update of suse/sle15 Message-ID: <20220511084450.BE329F7B4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:971-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.14.10 , suse/sle15:15.3 , suse/sle15:15.3.17.14.10 Container Release : 17.14.10 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated From sle-updates at lists.suse.com Wed May 11 08:45:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 10:45:56 +0200 (CEST) Subject: SUSE-CU-2022:972-1: Security update of bci/bci-init Message-ID: <20220511084556.46D43F7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:972-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.15.2 Container Release : 15.2 Severity : important Type : security References : 1198062 1198922 CVE-2022-1271 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) The following package changes have been done: - sles-release-15.4-150400.53.6 updated - gzip-1.10-150200.10.1 updated - container:sles15-image-15.0.0-26.2.16 updated From sle-updates at lists.suse.com Wed May 11 13:16:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 15:16:52 +0200 (CEST) Subject: SUSE-SU-2022:1641-1: important: Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP3) Message-ID: <20220511131652.7960FFDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1641-1 Rating: important References: #1182294 #1197211 #1197344 Cross-References: CVE-2021-28688 CVE-2021-39713 CVE-2022-1011 CVSS scores: CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_161 fixes several issues. The following security issues were fixed: - CVE-2022-1011: A use-after-free flaw was found in the FUSE filesystem in the way a user triggers write(). This flaw allowed a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bsc#1197211) - CVE-2021-28688: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11 (bsc#1182294) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1641=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1641=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_161-default-2-2.1 kgraft-patch-4_4_180-94_161-default-debuginfo-2-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_161-default-2-2.1 kgraft-patch-4_4_180-94_161-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2022-1011.html https://bugzilla.suse.com/1182294 https://bugzilla.suse.com/1197211 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Wed May 11 13:17:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 15:17:40 +0200 (CEST) Subject: SUSE-SU-2022:1637-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP2) Message-ID: <20220511131740.81E8CFDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1637-1 Rating: important References: #1195950 #1198133 Cross-References: CVE-2022-0330 CVE-2022-1158 CVSS scores: CVE-2022-0330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1158 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_99 fixes several issues. The following security issues were fixed: - - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1198133) - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1637=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_99-default-7-150200.2.1 kernel-livepatch-5_3_18-24_99-default-debuginfo-7-150200.2.1 kernel-livepatch-SLE15-SP2_Update_23-debugsource-7-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-0330.html https://www.suse.com/security/cve/CVE-2022-1158.html https://bugzilla.suse.com/1195950 https://bugzilla.suse.com/1198133 From sle-updates at lists.suse.com Wed May 11 13:18:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 15:18:24 +0200 (CEST) Subject: SUSE-SU-2022:1640-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) Message-ID: <20220511131824.23FF3FDFC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1640-1 Rating: important References: #1195950 Cross-References: CVE-2022-0330 CVSS scores: CVE-2022-0330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0330 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.180-94_150 fixes one issue. The following security issue was fixed: - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1638=1 SUSE-SLE-SAP-12-SP3-2022-1639=1 SUSE-SLE-SAP-12-SP3-2022-1640=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1638=1 SUSE-SLE-SERVER-12-SP3-2022-1639=1 SUSE-SLE-SERVER-12-SP3-2022-1640=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_144-default-15-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-15-2.1 kgraft-patch-4_4_180-94_147-default-12-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-12-2.1 kgraft-patch-4_4_180-94_150-default-8-2.1 kgraft-patch-4_4_180-94_150-default-debuginfo-8-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_144-default-15-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-15-2.1 kgraft-patch-4_4_180-94_147-default-12-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-12-2.1 kgraft-patch-4_4_180-94_150-default-8-2.1 kgraft-patch-4_4_180-94_150-default-debuginfo-8-2.1 References: https://www.suse.com/security/cve/CVE-2022-0330.html https://bugzilla.suse.com/1195950 From sle-updates at lists.suse.com Wed May 11 16:16:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2022 18:16:05 +0200 (CEST) Subject: SUSE-RU-2022:1642-1: moderate: Recommended update for u-boot Message-ID: <20220511161605.8C866F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1642-1 Rating: moderate References: #1197627 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for u-boot fixes the following issue: - Fix USB stall that causes reboot with some devices on RPi (bsc#1197627) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1642=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1642=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.7.1 u-boot-tools-debuginfo-2021.01-150300.7.7.1 - openSUSE Leap 15.3 (aarch64): u-boot-avnetultra96rev1-2021.01-150300.7.7.1 u-boot-avnetultra96rev1-doc-2021.01-150300.7.7.1 u-boot-bananapim64-2021.01-150300.7.7.1 u-boot-bananapim64-doc-2021.01-150300.7.7.1 u-boot-dragonboard410c-2021.01-150300.7.7.1 u-boot-dragonboard410c-doc-2021.01-150300.7.7.1 u-boot-dragonboard820c-2021.01-150300.7.7.1 u-boot-dragonboard820c-doc-2021.01-150300.7.7.1 u-boot-evb-rk3399-2021.01-150300.7.7.1 u-boot-evb-rk3399-doc-2021.01-150300.7.7.1 u-boot-firefly-rk3399-2021.01-150300.7.7.1 u-boot-firefly-rk3399-doc-2021.01-150300.7.7.1 u-boot-geekbox-2021.01-150300.7.7.1 u-boot-geekbox-doc-2021.01-150300.7.7.1 u-boot-hikey-2021.01-150300.7.7.1 u-boot-hikey-doc-2021.01-150300.7.7.1 u-boot-khadas-vim-2021.01-150300.7.7.1 u-boot-khadas-vim-doc-2021.01-150300.7.7.1 u-boot-khadas-vim2-2021.01-150300.7.7.1 u-boot-khadas-vim2-doc-2021.01-150300.7.7.1 u-boot-libretech-ac-2021.01-150300.7.7.1 u-boot-libretech-ac-doc-2021.01-150300.7.7.1 u-boot-libretech-cc-2021.01-150300.7.7.1 u-boot-libretech-cc-doc-2021.01-150300.7.7.1 u-boot-ls1012afrdmqspi-2021.01-150300.7.7.1 u-boot-ls1012afrdmqspi-doc-2021.01-150300.7.7.1 u-boot-mvebudb-88f3720-2021.01-150300.7.7.1 u-boot-mvebudb-88f3720-doc-2021.01-150300.7.7.1 u-boot-mvebudbarmada8k-2021.01-150300.7.7.1 u-boot-mvebudbarmada8k-doc-2021.01-150300.7.7.1 u-boot-mvebuespressobin-88f3720-2021.01-150300.7.7.1 u-boot-mvebuespressobin-88f3720-doc-2021.01-150300.7.7.1 u-boot-mvebumcbin-88f8040-2021.01-150300.7.7.1 u-boot-mvebumcbin-88f8040-doc-2021.01-150300.7.7.1 u-boot-nanopia64-2021.01-150300.7.7.1 u-boot-nanopia64-doc-2021.01-150300.7.7.1 u-boot-odroid-c2-2021.01-150300.7.7.1 u-boot-odroid-c2-doc-2021.01-150300.7.7.1 u-boot-odroid-c4-2021.01-150300.7.7.1 u-boot-odroid-c4-doc-2021.01-150300.7.7.1 u-boot-odroid-n2-2021.01-150300.7.7.1 u-boot-odroid-n2-doc-2021.01-150300.7.7.1 u-boot-orangepipc2-2021.01-150300.7.7.1 u-boot-orangepipc2-doc-2021.01-150300.7.7.1 u-boot-p2371-2180-2021.01-150300.7.7.1 u-boot-p2371-2180-doc-2021.01-150300.7.7.1 u-boot-p2771-0000-500-2021.01-150300.7.7.1 u-boot-p2771-0000-500-doc-2021.01-150300.7.7.1 u-boot-p3450-0000-2021.01-150300.7.7.1 u-boot-p3450-0000-doc-2021.01-150300.7.7.1 u-boot-pine64plus-2021.01-150300.7.7.1 u-boot-pine64plus-doc-2021.01-150300.7.7.1 u-boot-pinebook-2021.01-150300.7.7.1 u-boot-pinebook-doc-2021.01-150300.7.7.1 u-boot-pinebook-pro-rk3399-2021.01-150300.7.7.1 u-boot-pinebook-pro-rk3399-doc-2021.01-150300.7.7.1 u-boot-pineh64-2021.01-150300.7.7.1 u-boot-pineh64-doc-2021.01-150300.7.7.1 u-boot-pinephone-2021.01-150300.7.7.1 u-boot-pinephone-doc-2021.01-150300.7.7.1 u-boot-poplar-2021.01-150300.7.7.1 u-boot-poplar-doc-2021.01-150300.7.7.1 u-boot-rock-pi-4-rk3399-2021.01-150300.7.7.1 u-boot-rock-pi-4-rk3399-doc-2021.01-150300.7.7.1 u-boot-rock64-rk3328-2021.01-150300.7.7.1 u-boot-rock64-rk3328-doc-2021.01-150300.7.7.1 u-boot-rock960-rk3399-2021.01-150300.7.7.1 u-boot-rock960-rk3399-doc-2021.01-150300.7.7.1 u-boot-rockpro64-rk3399-2021.01-150300.7.7.1 u-boot-rockpro64-rk3399-doc-2021.01-150300.7.7.1 u-boot-rpi3-2021.01-150300.7.7.1 u-boot-rpi3-doc-2021.01-150300.7.7.1 u-boot-rpi4-2021.01-150300.7.7.1 u-boot-rpi4-doc-2021.01-150300.7.7.1 u-boot-rpiarm64-2021.01-150300.7.7.1 u-boot-rpiarm64-doc-2021.01-150300.7.7.1 u-boot-xilinxzynqmpvirt-2021.01-150300.7.7.1 u-boot-xilinxzynqmpvirt-doc-2021.01-150300.7.7.1 u-boot-xilinxzynqmpzcu102rev10-2021.01-150300.7.7.1 u-boot-xilinxzynqmpzcu102rev10-doc-2021.01-150300.7.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.7.1 u-boot-tools-debuginfo-2021.01-150300.7.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): u-boot-rpiarm64-2021.01-150300.7.7.1 u-boot-rpiarm64-doc-2021.01-150300.7.7.1 References: https://bugzilla.suse.com/1197627 From sle-updates at lists.suse.com Thu May 12 07:19:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 09:19:37 +0200 (CEST) Subject: SUSE-CU-2022:973-1: Security update of ses/6/cephcsi/cephcsi Message-ID: <20220512071937.67665F790@maintenance.suse.de> SUSE Container Update Advisory: ses/6/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:973-1 Container Tags : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.632 , ses/6/cephcsi/cephcsi:latest Container Release : 1.5.632 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1172427 1177047 1177460 1180713 1184501 1193489 1194172 1194642 1194848 1194883 1195251 1195628 1195899 1195999 1196061 1196093 1196107 1196275 1196317 1196368 1196406 1196514 1196925 1196939 1197024 1197134 1197297 1197459 1197788 1197903 1198062 1198062 1198237 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2022-1097 CVE-2022-1271 CVE-2022-1271 ----------------------------------------------------------------- The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1149-1 Released: Mon Apr 11 16:29:14 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1197903,CVE-2022-1097 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1250-1 Released: Sun Apr 17 15:39:47 2022 Summary: Security update for gzip Type: security Severity: important References: 1177047,1180713,1198062,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following non-security bugs were fixed: - Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1491-1 Released: Tue May 3 07:09:44 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - binutils-2.37-150100.7.29.1 updated - e2fsprogs-1.43.8-150000.4.29.1 updated - filesystem-15.0-11.8.1 updated - gzip-1.10-150000.4.12.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libctf-nobfd0-2.37-150100.7.29.1 updated - libctf0-2.37-150100.7.29.1 updated - libext2fs2-1.43.8-150000.4.29.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libquadmath0-11.2.1+git610-150000.1.6.6 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsoftokn3-3.68.3-150000.3.67.1 updated - libsolv-tools-0.7.22-150100.4.6.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libsystemd0-234-24.108.1 updated - libudev1-234-24.108.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150100.3.78.1 updated - mozilla-nss-certs-3.68.3-150000.3.67.1 updated - mozilla-nss-3.68.3-150000.3.67.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - nfs-kernel-server-2.1.1-150100.10.24.1 updated - pam-1.3.0-150000.6.55.3 updated - perl-base-5.26.1-150000.7.15.1 updated - psmisc-23.0-150000.6.22.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-234-24.108.1 updated - timezone-2022a-150000.75.7.1 updated - udev-234-24.108.1 updated - util-linux-2.33.2-150100.4.21.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150100.3.55.2 updated - container:sles15-image-15.0.0-6.2.613 updated From sle-updates at lists.suse.com Thu May 12 07:25:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 09:25:59 +0200 (CEST) Subject: SUSE-CU-2022:975-1: Recommended update of bci/golang Message-ID: <20220512072559.AE9C7F790@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:975-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-17.3 Container Release : 17.3 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.9 updated From sle-updates at lists.suse.com Thu May 12 07:32:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 09:32:41 +0200 (CEST) Subject: SUSE-CU-2022:976-1: Recommended update of bci/golang Message-ID: <20220512073241.F085AF790@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:976-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-17.4 Container Release : 17.4 Severity : moderate Type : recommended References : 1198090 1198114 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() The following package changes have been done: - libsystemd0-246.16-150300.7.45.1 updated - libudev1-246.16-150300.7.45.1 updated - container:sles15-image-15.0.0-17.14.10 updated From sle-updates at lists.suse.com Thu May 12 10:17:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 12:17:33 +0200 (CEST) Subject: SUSE-RU-2022:1643-1: moderate: Recommended update for linuxrc Message-ID: <20220512101733.64DE8F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for linuxrc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1643-1 Rating: moderate References: #1196061 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for linuxrc fixes the following issues: - Do not leave repository mounted when starting yast (bsc#1196061) - Improve url logging function - Handle umount errors better - Check RAID devices for install repository (bsc#1196061) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1643=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1643=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): linuxrc-7.0.30.6-150300.3.9.1 linuxrc-debuginfo-7.0.30.6-150300.3.9.1 linuxrc-debugsource-7.0.30.6-150300.3.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): linuxrc-7.0.30.6-150300.3.9.1 linuxrc-debuginfo-7.0.30.6-150300.3.9.1 linuxrc-debugsource-7.0.30.6-150300.3.9.1 References: https://bugzilla.suse.com/1196061 From sle-updates at lists.suse.com Thu May 12 10:18:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 12:18:12 +0200 (CEST) Subject: SUSE-SU-2022:1644-1: important: Security update for clamav Message-ID: <20220512101812.E7A5FF7B4@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1644-1 Rating: important References: #1199242 #1199244 #1199245 #1199246 #1199274 Cross-References: CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796 CVSS scores: CVE-2022-20770 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-20771 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-20785 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-20792 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-20796 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242). - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246). - CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244). - CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245). - CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1644=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1644=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1644=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1644=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): clamav-0.103.6-150000.3.38.1 clamav-debuginfo-0.103.6-150000.3.38.1 clamav-debugsource-0.103.6-150000.3.38.1 clamav-devel-0.103.6-150000.3.38.1 libclamav9-0.103.6-150000.3.38.1 libclamav9-debuginfo-0.103.6-150000.3.38.1 libfreshclam2-0.103.6-150000.3.38.1 libfreshclam2-debuginfo-0.103.6-150000.3.38.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): clamav-0.103.6-150000.3.38.1 clamav-debuginfo-0.103.6-150000.3.38.1 clamav-debugsource-0.103.6-150000.3.38.1 clamav-devel-0.103.6-150000.3.38.1 libclamav9-0.103.6-150000.3.38.1 libclamav9-debuginfo-0.103.6-150000.3.38.1 libfreshclam2-0.103.6-150000.3.38.1 libfreshclam2-debuginfo-0.103.6-150000.3.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): clamav-0.103.6-150000.3.38.1 clamav-debuginfo-0.103.6-150000.3.38.1 clamav-debugsource-0.103.6-150000.3.38.1 clamav-devel-0.103.6-150000.3.38.1 libclamav9-0.103.6-150000.3.38.1 libclamav9-debuginfo-0.103.6-150000.3.38.1 libfreshclam2-0.103.6-150000.3.38.1 libfreshclam2-debuginfo-0.103.6-150000.3.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): clamav-0.103.6-150000.3.38.1 clamav-debuginfo-0.103.6-150000.3.38.1 clamav-debugsource-0.103.6-150000.3.38.1 clamav-devel-0.103.6-150000.3.38.1 libclamav9-0.103.6-150000.3.38.1 libclamav9-debuginfo-0.103.6-150000.3.38.1 libfreshclam2-0.103.6-150000.3.38.1 libfreshclam2-debuginfo-0.103.6-150000.3.38.1 References: https://www.suse.com/security/cve/CVE-2022-20770.html https://www.suse.com/security/cve/CVE-2022-20771.html https://www.suse.com/security/cve/CVE-2022-20785.html https://www.suse.com/security/cve/CVE-2022-20792.html https://www.suse.com/security/cve/CVE-2022-20796.html https://bugzilla.suse.com/1199242 https://bugzilla.suse.com/1199244 https://bugzilla.suse.com/1199245 https://bugzilla.suse.com/1199246 https://bugzilla.suse.com/1199274 From sle-updates at lists.suse.com Thu May 12 19:16:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 21:16:20 +0200 (CEST) Subject: SUSE-SU-2022:1651-1: important: Security update for the Linux Kernel Message-ID: <20220512191620.2691AF7B4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1651-1 Rating: important References: #1028340 #1065729 #1071995 #1084513 #1114648 #1121726 #1129770 #1137728 #1172456 #1183723 #1187055 #1191647 #1191958 #1194625 #1196018 #1196247 #1196657 #1196901 #1197075 #1197343 #1197663 #1197888 #1197914 #1198217 #1198228 #1198400 #1198413 #1198516 #1198660 #1198687 #1198742 #1198825 #1199012 Cross-References: CVE-2018-7755 CVE-2019-20811 CVE-2021-20292 CVE-2021-20321 CVE-2021-38208 CVE-2021-43389 CVE-2022-1011 CVE-2022-1280 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-23960 CVE-2022-28748 CVSS scores: CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1280 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1280 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23960 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-23960 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 20 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2022-1011: Fixed a use-after-free flaw inside the FUSE filesystem in the way a user triggers write(). This flaw allowed a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation (bnc#1197343). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-23960: Fixed speculation issues in the Branch History Buffer that allowed an attacker to obtain sensitive information using cache allocation (bnc#1196657). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). The following non-security bugs were fixed: - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (git-fixes) - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSv4: recover from pre-mature loss of openstateid (bsc#1196247). - NFSv4: Do not try to CLOSE if the stateid 'other' field has changed (bsc#1196247). - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (bsc#1196247). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1196247). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1196247). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI/switchtec: Read all 64 bits of part_event_bitmap (git-fixes). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Fix overflow in command-line resource alignment requests (git-fixes). - PCI: iproc: Fix out-of-bound array accesses (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Change duplicate PCI reset to phy reset (git-fixes). - PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0 (git-fixes). - RDMA/rxe: Missing unlock on error in get_srq_wqe() (git-fixes) - RDMA/rxe: Restore setting tot_len in the IPv4 header (git-fixes) - RDMA/rxe: Use the correct size of wqe when processing SRQ (git-fixes) - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (git-fixes). - USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint (git-fixes) - arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ (git-fixes) - arm64: drop linker script hack to hide __efistub_ symbols (git-fixes) - arm64: fix for bad_mode() handler to always result in panic (git-fixes) - arm64: hibernate: Clean the __hyp_text to PoC after resume (git-fixes) - arm64: hyp-stub: Forbid kprobing of the hyp-stub (git-fixes) - arm64: kaslr: ensure randomized quantities are clean also when kaslr (git-fixes) - arm64: kaslr: ensure randomized quantities are clean to the PoC (git-fixes) - arm64: kprobe: Always blacklist the KVM world-switch code (git-fixes) - arm64: only advance singlestep for user instruction traps (git-fixes) - arm64: relocatable: fix inconsistencies in linker script and options (git-fixes) - ath10k: fix max antenna gain unit (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - backlight: pwm_bl: Improve bootloader/kernel device handover (bsc#1129770) - bnx2x: fix napi API usage sequence (bsc#1198217). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes). - char/mwave: Adjust io port register size (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - crypto: arm64/aes-ce-cipher - move assembler code to .S file (git-fixes) - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - fbmem: do not allow too huge resolutions (bsc#1129770) - fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes). - i40e: add correct exception tracing for XDP (git-fixes). - i40e: optimize for XDP_REDIRECT in xsk path (git-fixes). - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes). - io-64-nonatomic: add io{read|write}64{_lo_hi|_hi_lo} macros (git-fixes). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: fix memory leak in em28xx_init_dev (git-fixes). - media: lmedm04: Fix misuse of comma (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - mt7601u: fix rx buffer refcounting (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - mxser: fix xmit_buf leak in activate when LSR == 0xff (git-fixes). - net/mlx5e: Reduce tc unsupported key print level (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - parisc/sticon: fix reverse colors (bsc#1129770) - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - random: fix data race on crng_node_pool (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - tcp: Fix potential use-after-free due to double kfree() (bsc#1197075). - tcp: fix race condition when creating child sockets from syncookies (bsc#1197075). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (bsc#1129770) - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (bsc#1129770) - video: fbdev: chipsfb: use memset_io() instead of memset() (bsc#1129770) - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (bsc#1129770) - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (bsc#1129770) - video: fbdev: sm712fb: Fix crash in smtcfb_read() (bsc#1129770) - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (bsc#1129770) - video: fbdev: udlfb: properly check endpoint type (bsc#1129770) - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). - xen/blkfront: fix comment for need_copy (git-fixes). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). - xen: fix is_xen_pmu() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1651=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.97.1 kernel-source-azure-4.12.14-16.97.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.97.1 kernel-azure-base-4.12.14-16.97.1 kernel-azure-base-debuginfo-4.12.14-16.97.1 kernel-azure-debuginfo-4.12.14-16.97.1 kernel-azure-debugsource-4.12.14-16.97.1 kernel-azure-devel-4.12.14-16.97.1 kernel-syms-azure-4.12.14-16.97.1 References: https://www.suse.com/security/cve/CVE-2018-7755.html https://www.suse.com/security/cve/CVE-2019-20811.html https://www.suse.com/security/cve/CVE-2021-20292.html https://www.suse.com/security/cve/CVE-2021-20321.html https://www.suse.com/security/cve/CVE-2021-38208.html https://www.suse.com/security/cve/CVE-2021-43389.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1280.html https://www.suse.com/security/cve/CVE-2022-1353.html https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1516.html https://www.suse.com/security/cve/CVE-2022-23960.html https://www.suse.com/security/cve/CVE-2022-28748.html https://bugzilla.suse.com/1028340 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1084513 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1172456 https://bugzilla.suse.com/1183723 https://bugzilla.suse.com/1187055 https://bugzilla.suse.com/1191647 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1194625 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196247 https://bugzilla.suse.com/1196657 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1197075 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1197663 https://bugzilla.suse.com/1197888 https://bugzilla.suse.com/1197914 https://bugzilla.suse.com/1198217 https://bugzilla.suse.com/1198228 https://bugzilla.suse.com/1198400 https://bugzilla.suse.com/1198413 https://bugzilla.suse.com/1198516 https://bugzilla.suse.com/1198660 https://bugzilla.suse.com/1198687 https://bugzilla.suse.com/1198742 https://bugzilla.suse.com/1198825 https://bugzilla.suse.com/1199012 From sle-updates at lists.suse.com Thu May 12 19:19:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 21:19:29 +0200 (CEST) Subject: SUSE-SU-2022:1647-1: important: Security update for clamav Message-ID: <20220512191929.6C547F7B4@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1647-1 Rating: important References: #1199242 #1199244 #1199245 #1199246 #1199274 Cross-References: CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796 CVSS scores: CVE-2022-20770 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-20771 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-20785 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-20792 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-20796 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242). - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246). - CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244). - CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245). - CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1647=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): clamav-0.103.6-3.18.1 clamav-debuginfo-0.103.6-3.18.1 clamav-debugsource-0.103.6-3.18.1 References: https://www.suse.com/security/cve/CVE-2022-20770.html https://www.suse.com/security/cve/CVE-2022-20771.html https://www.suse.com/security/cve/CVE-2022-20785.html https://www.suse.com/security/cve/CVE-2022-20792.html https://www.suse.com/security/cve/CVE-2022-20796.html https://bugzilla.suse.com/1199242 https://bugzilla.suse.com/1199244 https://bugzilla.suse.com/1199245 https://bugzilla.suse.com/1199246 https://bugzilla.suse.com/1199274 From sle-updates at lists.suse.com Thu May 12 19:20:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 21:20:21 +0200 (CEST) Subject: SUSE-SU-2022:1654-1: important: Security update for documentation-suse-openstack-cloud, kibana, openstack-keystone, openstack-monasca-notification Message-ID: <20220512192021.D2D46F7B4@maintenance.suse.de> SUSE Security Update: Security update for documentation-suse-openstack-cloud, kibana, openstack-keystone, openstack-monasca-notification ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1654-1 Rating: important References: #1186868 #1189390 #1197204 Cross-References: CVE-2021-22141 CVE-2021-38155 CVSS scores: CVE-2021-22141 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-38155 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: HPE Helion Openstack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for documentation-suse-openstack-cloud, kibana, openstack-keystone, openstack-monasca-notification fixes the following issues: - CVE-2021-22141: Fixed URL redirection flaw (bsc#1186868). - CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390). The following non-security bugs were fixed: - Fix smtp server authentication (bsc#1197204) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1654=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1654=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1654=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): documentation-suse-openstack-cloud-deployment-8.20211112-1.38.1 documentation-suse-openstack-cloud-supplement-8.20211112-1.38.1 documentation-suse-openstack-cloud-upstream-admin-8.20211112-1.38.1 documentation-suse-openstack-cloud-upstream-user-8.20211112-1.38.1 openstack-keystone-12.0.4~dev11-5.36.1 openstack-keystone-doc-12.0.4~dev11-5.36.1 openstack-monasca-notification-1.10.2~dev4-3.9.1 python-keystone-12.0.4~dev11-5.36.1 python-monasca-notification-1.10.2~dev4-3.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): kibana-4.6.6-3.12.1 kibana-debuginfo-4.6.6-3.12.1 - SUSE OpenStack Cloud 8 (x86_64): kibana-4.6.6-3.12.1 kibana-debuginfo-4.6.6-3.12.1 - SUSE OpenStack Cloud 8 (noarch): documentation-suse-openstack-cloud-installation-8.20211112-1.38.1 documentation-suse-openstack-cloud-operations-8.20211112-1.38.1 documentation-suse-openstack-cloud-opsconsole-8.20211112-1.38.1 documentation-suse-openstack-cloud-planning-8.20211112-1.38.1 documentation-suse-openstack-cloud-security-8.20211112-1.38.1 documentation-suse-openstack-cloud-supplement-8.20211112-1.38.1 documentation-suse-openstack-cloud-upstream-admin-8.20211112-1.38.1 documentation-suse-openstack-cloud-upstream-user-8.20211112-1.38.1 documentation-suse-openstack-cloud-user-8.20211112-1.38.1 openstack-keystone-12.0.4~dev11-5.36.1 openstack-keystone-doc-12.0.4~dev11-5.36.1 openstack-monasca-notification-1.10.2~dev4-3.9.1 python-keystone-12.0.4~dev11-5.36.1 python-monasca-notification-1.10.2~dev4-3.9.1 venv-openstack-keystone-x86_64-12.0.4~dev11-11.45.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.45.1 - HPE Helion Openstack 8 (noarch): documentation-hpe-helion-openstack-installation-8.20211112-1.38.1 documentation-hpe-helion-openstack-operations-8.20211112-1.38.1 documentation-hpe-helion-openstack-opsconsole-8.20211112-1.38.1 documentation-hpe-helion-openstack-planning-8.20211112-1.38.1 documentation-hpe-helion-openstack-security-8.20211112-1.38.1 documentation-hpe-helion-openstack-user-8.20211112-1.38.1 openstack-keystone-12.0.4~dev11-5.36.1 openstack-keystone-doc-12.0.4~dev11-5.36.1 openstack-monasca-notification-1.10.2~dev4-3.9.1 python-keystone-12.0.4~dev11-5.36.1 python-monasca-notification-1.10.2~dev4-3.9.1 venv-openstack-keystone-x86_64-12.0.4~dev11-11.45.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.45.1 - HPE Helion Openstack 8 (x86_64): kibana-4.6.6-3.12.1 kibana-debuginfo-4.6.6-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-22141.html https://www.suse.com/security/cve/CVE-2021-38155.html https://bugzilla.suse.com/1186868 https://bugzilla.suse.com/1189390 https://bugzilla.suse.com/1197204 From sle-updates at lists.suse.com Thu May 12 19:21:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 21:21:08 +0200 (CEST) Subject: SUSE-SU-2022:1652-1: important: Security update for e2fsprogs Message-ID: <20220512192108.6B96BF7B4@maintenance.suse.de> SUSE Security Update: Security update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1652-1 Rating: important References: #1198446 Cross-References: CVE-2022-1304 CVSS scores: CVE-2022-1304 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1304 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1652=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1652=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1652=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1652=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1652=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1652=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1652=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): e2fsprogs-1.42.11-16.9.1 e2fsprogs-debuginfo-1.42.11-16.9.1 e2fsprogs-debuginfo-32bit-1.42.11-16.9.1 e2fsprogs-debugsource-1.42.11-16.9.1 libcom_err2-1.42.11-16.9.1 libcom_err2-32bit-1.42.11-16.9.1 libcom_err2-debuginfo-1.42.11-16.9.1 libcom_err2-debuginfo-32bit-1.42.11-16.9.1 libext2fs2-1.42.11-16.9.1 libext2fs2-debuginfo-1.42.11-16.9.1 - SUSE OpenStack Cloud 8 (x86_64): e2fsprogs-1.42.11-16.9.1 e2fsprogs-debuginfo-1.42.11-16.9.1 e2fsprogs-debuginfo-32bit-1.42.11-16.9.1 e2fsprogs-debugsource-1.42.11-16.9.1 libcom_err2-1.42.11-16.9.1 libcom_err2-32bit-1.42.11-16.9.1 libcom_err2-debuginfo-1.42.11-16.9.1 libcom_err2-debuginfo-32bit-1.42.11-16.9.1 libext2fs2-1.42.11-16.9.1 libext2fs2-debuginfo-1.42.11-16.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): e2fsprogs-1.42.11-16.9.1 e2fsprogs-debuginfo-1.42.11-16.9.1 e2fsprogs-debugsource-1.42.11-16.9.1 libcom_err2-1.42.11-16.9.1 libcom_err2-debuginfo-1.42.11-16.9.1 libext2fs2-1.42.11-16.9.1 libext2fs2-debuginfo-1.42.11-16.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): e2fsprogs-debuginfo-32bit-1.42.11-16.9.1 libcom_err2-32bit-1.42.11-16.9.1 libcom_err2-debuginfo-32bit-1.42.11-16.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): e2fsprogs-1.42.11-16.9.1 e2fsprogs-debuginfo-1.42.11-16.9.1 e2fsprogs-debugsource-1.42.11-16.9.1 libcom_err2-1.42.11-16.9.1 libcom_err2-debuginfo-1.42.11-16.9.1 libext2fs2-1.42.11-16.9.1 libext2fs2-debuginfo-1.42.11-16.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): e2fsprogs-debuginfo-32bit-1.42.11-16.9.1 libcom_err2-32bit-1.42.11-16.9.1 libcom_err2-debuginfo-32bit-1.42.11-16.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): e2fsprogs-1.42.11-16.9.1 e2fsprogs-debuginfo-1.42.11-16.9.1 e2fsprogs-debuginfo-32bit-1.42.11-16.9.1 e2fsprogs-debugsource-1.42.11-16.9.1 libcom_err2-1.42.11-16.9.1 libcom_err2-32bit-1.42.11-16.9.1 libcom_err2-debuginfo-1.42.11-16.9.1 libcom_err2-debuginfo-32bit-1.42.11-16.9.1 libext2fs2-1.42.11-16.9.1 libext2fs2-debuginfo-1.42.11-16.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): e2fsprogs-1.42.11-16.9.1 e2fsprogs-debuginfo-1.42.11-16.9.1 e2fsprogs-debuginfo-32bit-1.42.11-16.9.1 e2fsprogs-debugsource-1.42.11-16.9.1 libcom_err2-1.42.11-16.9.1 libcom_err2-32bit-1.42.11-16.9.1 libcom_err2-debuginfo-1.42.11-16.9.1 libcom_err2-debuginfo-32bit-1.42.11-16.9.1 libext2fs2-1.42.11-16.9.1 libext2fs2-debuginfo-1.42.11-16.9.1 - HPE Helion Openstack 8 (x86_64): e2fsprogs-1.42.11-16.9.1 e2fsprogs-debuginfo-1.42.11-16.9.1 e2fsprogs-debuginfo-32bit-1.42.11-16.9.1 e2fsprogs-debugsource-1.42.11-16.9.1 libcom_err2-1.42.11-16.9.1 libcom_err2-32bit-1.42.11-16.9.1 libcom_err2-debuginfo-1.42.11-16.9.1 libcom_err2-debuginfo-32bit-1.42.11-16.9.1 libext2fs2-1.42.11-16.9.1 libext2fs2-debuginfo-1.42.11-16.9.1 References: https://www.suse.com/security/cve/CVE-2022-1304.html https://bugzilla.suse.com/1198446 From sle-updates at lists.suse.com Thu May 12 19:21:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2022 21:21:44 +0200 (CEST) Subject: SUSE-SU-2022:1650-1: important: Security update for gzip Message-ID: <20220512192144.E3BFAF7B4@maintenance.suse.de> SUSE Security Update: Security update for gzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1650-1 Rating: important References: Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1650=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gzip-1.10-4.14.1 gzip-debuginfo-1.10-4.14.1 gzip-debugsource-1.10-4.14.1 References: From sle-updates at lists.suse.com Fri May 13 19:16:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2022 21:16:51 +0200 (CEST) Subject: SUSE-RU-2022:1655-1: moderate: Recommended update for pam Message-ID: <20220513191651.ABE1EF7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1655-1 Rating: moderate References: #1197794 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1655=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1655=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1655=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-1655=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1655=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1655=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1655=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1655=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1655=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1655=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1655=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1655=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.58.3 pam-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 pam-devel-1.3.0-150000.6.58.3 pam-extra-1.3.0-150000.6.58.3 pam-extra-debuginfo-1.3.0-150000.6.58.3 pam-modules-12.1-150000.5.3.2 pam-modules-debuginfo-12.1-150000.5.3.2 pam-modules-debugsource-12.1-150000.5.3.2 - openSUSE Leap 15.4 (noarch): pam-doc-1.3.0-150000.6.58.3 - openSUSE Leap 15.4 (x86_64): pam-32bit-1.3.0-150000.6.58.3 pam-32bit-debuginfo-1.3.0-150000.6.58.3 pam-devel-32bit-1.3.0-150000.6.58.3 pam-extra-32bit-1.3.0-150000.6.58.3 pam-extra-32bit-debuginfo-1.3.0-150000.6.58.3 pam-modules-32bit-12.1-150000.5.3.2 pam-modules-32bit-debuginfo-12.1-150000.5.3.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.58.3 pam-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 pam-devel-1.3.0-150000.6.58.3 pam-extra-1.3.0-150000.6.58.3 pam-extra-debuginfo-1.3.0-150000.6.58.3 pam-modules-12.1-150000.5.3.2 pam-modules-debuginfo-12.1-150000.5.3.2 pam-modules-debugsource-12.1-150000.5.3.2 - openSUSE Leap 15.3 (noarch): pam-doc-1.3.0-150000.6.58.3 - openSUSE Leap 15.3 (x86_64): pam-32bit-1.3.0-150000.6.58.3 pam-32bit-debuginfo-1.3.0-150000.6.58.3 pam-devel-32bit-1.3.0-150000.6.58.3 pam-extra-32bit-1.3.0-150000.6.58.3 pam-extra-32bit-debuginfo-1.3.0-150000.6.58.3 pam-modules-32bit-12.1-150000.5.3.2 pam-modules-32bit-debuginfo-12.1-150000.5.3.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): pam-doc-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): pam-1.3.0-150000.6.58.3 pam-32bit-1.3.0-150000.6.58.3 pam-32bit-debuginfo-1.3.0-150000.6.58.3 pam-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 pam-devel-1.3.0-150000.6.58.3 pam-devel-32bit-1.3.0-150000.6.58.3 pam-extra-1.3.0-150000.6.58.3 pam-extra-32bit-1.3.0-150000.6.58.3 pam-extra-32bit-debuginfo-1.3.0-150000.6.58.3 pam-extra-debuginfo-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): pam-modules-12.1-150000.5.3.2 pam-modules-debuginfo-12.1-150000.5.3.2 pam-modules-debugsource-12.1-150000.5.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (x86_64): pam-modules-32bit-12.1-150000.5.3.2 pam-modules-32bit-debuginfo-12.1-150000.5.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): pam-modules-12.1-150000.5.3.2 pam-modules-debuginfo-12.1-150000.5.3.2 pam-modules-debugsource-12.1-150000.5.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (x86_64): pam-modules-32bit-12.1-150000.5.3.2 pam-modules-32bit-debuginfo-12.1-150000.5.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): pam-32bit-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 pam-devel-32bit-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): pam-32bit-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 pam-devel-32bit-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.58.3 pam-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 pam-devel-1.3.0-150000.6.58.3 pam-extra-1.3.0-150000.6.58.3 pam-extra-debuginfo-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): pam-doc-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): pam-32bit-1.3.0-150000.6.58.3 pam-32bit-debuginfo-1.3.0-150000.6.58.3 pam-extra-32bit-1.3.0-150000.6.58.3 pam-extra-32bit-debuginfo-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): pam-1.3.0-150000.6.58.3 pam-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 pam-devel-1.3.0-150000.6.58.3 pam-extra-1.3.0-150000.6.58.3 pam-extra-debuginfo-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): pam-32bit-1.3.0-150000.6.58.3 pam-32bit-debuginfo-1.3.0-150000.6.58.3 pam-extra-32bit-1.3.0-150000.6.58.3 pam-extra-32bit-debuginfo-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): pam-doc-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): pam-1.3.0-150000.6.58.3 pam-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): pam-1.3.0-150000.6.58.3 pam-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): pam-1.3.0-150000.6.58.3 pam-debuginfo-1.3.0-150000.6.58.3 pam-debugsource-1.3.0-150000.6.58.3 References: https://bugzilla.suse.com/1197794 From sle-updates at lists.suse.com Fri May 13 19:17:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2022 21:17:34 +0200 (CEST) Subject: SUSE-RU-2022:1659-1: moderate: Recommended update for cups Message-ID: <20220513191734.42976F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for cups ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1659-1 Rating: moderate References: #1189517 #1195115 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cups fixes the following issues: - CUPS printservice takes much longer than before with a big number of printers (bsc#1189517) - CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1659=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1659=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1659=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1659=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1659=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1659=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1659=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cups-2.2.7-150000.3.29.1 cups-client-2.2.7-150000.3.29.1 cups-client-debuginfo-2.2.7-150000.3.29.1 cups-config-2.2.7-150000.3.29.1 cups-ddk-2.2.7-150000.3.29.1 cups-ddk-debuginfo-2.2.7-150000.3.29.1 cups-debuginfo-2.2.7-150000.3.29.1 cups-debugsource-2.2.7-150000.3.29.1 cups-devel-2.2.7-150000.3.29.1 libcups2-2.2.7-150000.3.29.1 libcups2-debuginfo-2.2.7-150000.3.29.1 libcupscgi1-2.2.7-150000.3.29.1 libcupscgi1-debuginfo-2.2.7-150000.3.29.1 libcupsimage2-2.2.7-150000.3.29.1 libcupsimage2-debuginfo-2.2.7-150000.3.29.1 libcupsmime1-2.2.7-150000.3.29.1 libcupsmime1-debuginfo-2.2.7-150000.3.29.1 libcupsppdc1-2.2.7-150000.3.29.1 libcupsppdc1-debuginfo-2.2.7-150000.3.29.1 - openSUSE Leap 15.4 (x86_64): cups-devel-32bit-2.2.7-150000.3.29.1 libcups2-32bit-2.2.7-150000.3.29.1 libcups2-32bit-debuginfo-2.2.7-150000.3.29.1 libcupscgi1-32bit-2.2.7-150000.3.29.1 libcupscgi1-32bit-debuginfo-2.2.7-150000.3.29.1 libcupsimage2-32bit-2.2.7-150000.3.29.1 libcupsimage2-32bit-debuginfo-2.2.7-150000.3.29.1 libcupsmime1-32bit-2.2.7-150000.3.29.1 libcupsmime1-32bit-debuginfo-2.2.7-150000.3.29.1 libcupsppdc1-32bit-2.2.7-150000.3.29.1 libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cups-2.2.7-150000.3.29.1 cups-client-2.2.7-150000.3.29.1 cups-client-debuginfo-2.2.7-150000.3.29.1 cups-config-2.2.7-150000.3.29.1 cups-ddk-2.2.7-150000.3.29.1 cups-ddk-debuginfo-2.2.7-150000.3.29.1 cups-debuginfo-2.2.7-150000.3.29.1 cups-debugsource-2.2.7-150000.3.29.1 cups-devel-2.2.7-150000.3.29.1 libcups2-2.2.7-150000.3.29.1 libcups2-debuginfo-2.2.7-150000.3.29.1 libcupscgi1-2.2.7-150000.3.29.1 libcupscgi1-debuginfo-2.2.7-150000.3.29.1 libcupsimage2-2.2.7-150000.3.29.1 libcupsimage2-debuginfo-2.2.7-150000.3.29.1 libcupsmime1-2.2.7-150000.3.29.1 libcupsmime1-debuginfo-2.2.7-150000.3.29.1 libcupsppdc1-2.2.7-150000.3.29.1 libcupsppdc1-debuginfo-2.2.7-150000.3.29.1 - openSUSE Leap 15.3 (x86_64): cups-devel-32bit-2.2.7-150000.3.29.1 libcups2-32bit-2.2.7-150000.3.29.1 libcups2-32bit-debuginfo-2.2.7-150000.3.29.1 libcupscgi1-32bit-2.2.7-150000.3.29.1 libcupscgi1-32bit-debuginfo-2.2.7-150000.3.29.1 libcupsimage2-32bit-2.2.7-150000.3.29.1 libcupsimage2-32bit-debuginfo-2.2.7-150000.3.29.1 libcupsmime1-32bit-2.2.7-150000.3.29.1 libcupsmime1-32bit-debuginfo-2.2.7-150000.3.29.1 libcupsppdc1-32bit-2.2.7-150000.3.29.1 libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.29.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cups-ddk-2.2.7-150000.3.29.1 cups-ddk-debuginfo-2.2.7-150000.3.29.1 cups-debuginfo-2.2.7-150000.3.29.1 cups-debugsource-2.2.7-150000.3.29.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cups-ddk-2.2.7-150000.3.29.1 cups-ddk-debuginfo-2.2.7-150000.3.29.1 cups-debuginfo-2.2.7-150000.3.29.1 cups-debugsource-2.2.7-150000.3.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): cups-2.2.7-150000.3.29.1 cups-client-2.2.7-150000.3.29.1 cups-client-debuginfo-2.2.7-150000.3.29.1 cups-config-2.2.7-150000.3.29.1 cups-debuginfo-2.2.7-150000.3.29.1 cups-debugsource-2.2.7-150000.3.29.1 cups-devel-2.2.7-150000.3.29.1 libcups2-2.2.7-150000.3.29.1 libcups2-debuginfo-2.2.7-150000.3.29.1 libcupscgi1-2.2.7-150000.3.29.1 libcupscgi1-debuginfo-2.2.7-150000.3.29.1 libcupsimage2-2.2.7-150000.3.29.1 libcupsimage2-debuginfo-2.2.7-150000.3.29.1 libcupsmime1-2.2.7-150000.3.29.1 libcupsmime1-debuginfo-2.2.7-150000.3.29.1 libcupsppdc1-2.2.7-150000.3.29.1 libcupsppdc1-debuginfo-2.2.7-150000.3.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libcups2-32bit-2.2.7-150000.3.29.1 libcups2-32bit-debuginfo-2.2.7-150000.3.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cups-2.2.7-150000.3.29.1 cups-client-2.2.7-150000.3.29.1 cups-client-debuginfo-2.2.7-150000.3.29.1 cups-config-2.2.7-150000.3.29.1 cups-debuginfo-2.2.7-150000.3.29.1 cups-debugsource-2.2.7-150000.3.29.1 cups-devel-2.2.7-150000.3.29.1 libcups2-2.2.7-150000.3.29.1 libcups2-debuginfo-2.2.7-150000.3.29.1 libcupscgi1-2.2.7-150000.3.29.1 libcupscgi1-debuginfo-2.2.7-150000.3.29.1 libcupsimage2-2.2.7-150000.3.29.1 libcupsimage2-debuginfo-2.2.7-150000.3.29.1 libcupsmime1-2.2.7-150000.3.29.1 libcupsmime1-debuginfo-2.2.7-150000.3.29.1 libcupsppdc1-2.2.7-150000.3.29.1 libcupsppdc1-debuginfo-2.2.7-150000.3.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcups2-32bit-2.2.7-150000.3.29.1 libcups2-32bit-debuginfo-2.2.7-150000.3.29.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): cups-config-2.2.7-150000.3.29.1 cups-debuginfo-2.2.7-150000.3.29.1 cups-debugsource-2.2.7-150000.3.29.1 libcups2-2.2.7-150000.3.29.1 libcups2-debuginfo-2.2.7-150000.3.29.1 References: https://bugzilla.suse.com/1189517 https://bugzilla.suse.com/1195115 From sle-updates at lists.suse.com Fri May 13 19:18:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2022 21:18:21 +0200 (CEST) Subject: SUSE-RU-2022:1658-1: important: Recommended update for libpsl Message-ID: <20220513191821.5F167F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpsl ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1658-1 Rating: important References: #1197771 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1658=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1658=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1658=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1658=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1658=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1658=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpsl-debugsource-0.20.1-150000.3.3.1 libpsl-devel-0.20.1-150000.3.3.1 libpsl5-0.20.1-150000.3.3.1 libpsl5-debuginfo-0.20.1-150000.3.3.1 psl-0.20.1-150000.3.3.1 psl-debuginfo-0.20.1-150000.3.3.1 - openSUSE Leap 15.4 (noarch): psl-make-dafsa-0.20.1-150000.3.3.1 - openSUSE Leap 15.4 (x86_64): libpsl5-32bit-0.20.1-150000.3.3.1 libpsl5-32bit-debuginfo-0.20.1-150000.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpsl-debugsource-0.20.1-150000.3.3.1 libpsl-devel-0.20.1-150000.3.3.1 libpsl5-0.20.1-150000.3.3.1 libpsl5-debuginfo-0.20.1-150000.3.3.1 psl-0.20.1-150000.3.3.1 psl-debuginfo-0.20.1-150000.3.3.1 - openSUSE Leap 15.3 (x86_64): libpsl5-32bit-0.20.1-150000.3.3.1 libpsl5-32bit-debuginfo-0.20.1-150000.3.3.1 - openSUSE Leap 15.3 (noarch): psl-make-dafsa-0.20.1-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpsl-debugsource-0.20.1-150000.3.3.1 libpsl-devel-0.20.1-150000.3.3.1 libpsl5-0.20.1-150000.3.3.1 libpsl5-debuginfo-0.20.1-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libpsl5-32bit-0.20.1-150000.3.3.1 libpsl5-32bit-debuginfo-0.20.1-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpsl-debugsource-0.20.1-150000.3.3.1 libpsl-devel-0.20.1-150000.3.3.1 libpsl5-0.20.1-150000.3.3.1 libpsl5-debuginfo-0.20.1-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libpsl5-32bit-0.20.1-150000.3.3.1 libpsl5-32bit-debuginfo-0.20.1-150000.3.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libpsl-debugsource-0.20.1-150000.3.3.1 libpsl5-0.20.1-150000.3.3.1 libpsl5-debuginfo-0.20.1-150000.3.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libpsl-debugsource-0.20.1-150000.3.3.1 libpsl5-0.20.1-150000.3.3.1 libpsl5-debuginfo-0.20.1-150000.3.3.1 References: https://bugzilla.suse.com/1197771 From sle-updates at lists.suse.com Fri May 13 19:19:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2022 21:19:01 +0200 (CEST) Subject: SUSE-RU-2022:1660-1: Recommended update for publicsuffix Message-ID: <20220513191901.51927F7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for publicsuffix ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1660-1 Rating: low References: #1198068 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for publicsuffix fixes the following issue: - Update to version 20220405 (bsc#1198068) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1660=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1660=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1660=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1660=1 Package List: - openSUSE Leap 15.4 (noarch): publicsuffix-20220405-150000.3.9.1 - openSUSE Leap 15.3 (noarch): publicsuffix-20220405-150000.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): publicsuffix-20220405-150000.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): publicsuffix-20220405-150000.3.9.1 References: https://bugzilla.suse.com/1198068 From sle-updates at lists.suse.com Fri May 13 19:19:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2022 21:19:42 +0200 (CEST) Subject: SUSE-SU-2022:1657-1: moderate: Security update for curl Message-ID: <20220513191942.E5550F7B4@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1657-1 Rating: moderate References: #1198614 #1198723 #1198766 Cross-References: CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 CVSS scores: CVE-2022-22576 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-27775 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-27776 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1657=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1657=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1657=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1657=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.30.1 curl-debuginfo-7.66.0-150200.4.30.1 curl-debugsource-7.66.0-150200.4.30.1 libcurl-devel-7.66.0-150200.4.30.1 libcurl4-7.66.0-150200.4.30.1 libcurl4-debuginfo-7.66.0-150200.4.30.1 - openSUSE Leap 15.3 (x86_64): libcurl-devel-32bit-7.66.0-150200.4.30.1 libcurl4-32bit-7.66.0-150200.4.30.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.30.1 curl-debuginfo-7.66.0-150200.4.30.1 curl-debugsource-7.66.0-150200.4.30.1 libcurl-devel-7.66.0-150200.4.30.1 libcurl4-7.66.0-150200.4.30.1 libcurl4-debuginfo-7.66.0-150200.4.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcurl4-32bit-7.66.0-150200.4.30.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.30.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): curl-7.66.0-150200.4.30.1 curl-debuginfo-7.66.0-150200.4.30.1 curl-debugsource-7.66.0-150200.4.30.1 libcurl4-7.66.0-150200.4.30.1 libcurl4-debuginfo-7.66.0-150200.4.30.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): curl-7.66.0-150200.4.30.1 curl-debuginfo-7.66.0-150200.4.30.1 curl-debugsource-7.66.0-150200.4.30.1 libcurl4-7.66.0-150200.4.30.1 libcurl4-debuginfo-7.66.0-150200.4.30.1 References: https://www.suse.com/security/cve/CVE-2022-22576.html https://www.suse.com/security/cve/CVE-2022-27775.html https://www.suse.com/security/cve/CVE-2022-27776.html https://bugzilla.suse.com/1198614 https://bugzilla.suse.com/1198723 https://bugzilla.suse.com/1198766 From sle-updates at lists.suse.com Fri May 13 19:20:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2022 21:20:35 +0200 (CEST) Subject: SUSE-RU-2022:1656-1: moderate: Recommended update for llvm7 Message-ID: <20220513192035.6289CF7B4@maintenance.suse.de> SUSE Recommended Update: Recommended update for llvm7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1656-1 Rating: moderate References: #1197775 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for llvm7 fixes the following issues: - Backport fixes and changes from Factory. (bsc#1197775) - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package. - Fix build with linux-glibc-devel 5.13. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1656=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1656=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1656=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1656=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1656=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1656=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1656=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1656=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): clang7-7.0.1-150100.3.22.2 clang7-checker-7.0.1-150100.3.22.2 clang7-debuginfo-7.0.1-150100.3.22.2 clang7-devel-7.0.1-150100.3.22.2 libLLVM7-7.0.1-150100.3.22.2 libLLVM7-debuginfo-7.0.1-150100.3.22.2 libLTO7-7.0.1-150100.3.22.2 libLTO7-debuginfo-7.0.1-150100.3.22.2 libclang7-7.0.1-150100.3.22.2 libclang7-debuginfo-7.0.1-150100.3.22.2 lld7-7.0.1-150100.3.22.2 lld7-debuginfo-7.0.1-150100.3.22.2 llvm7-7.0.1-150100.3.22.2 llvm7-LTO-devel-7.0.1-150100.3.22.2 llvm7-debuginfo-7.0.1-150100.3.22.2 llvm7-debugsource-7.0.1-150100.3.22.2 llvm7-devel-7.0.1-150100.3.22.2 llvm7-devel-debuginfo-7.0.1-150100.3.22.2 llvm7-gold-7.0.1-150100.3.22.2 llvm7-gold-debuginfo-7.0.1-150100.3.22.2 llvm7-polly-7.0.1-150100.3.22.2 llvm7-polly-debuginfo-7.0.1-150100.3.22.2 llvm7-polly-devel-7.0.1-150100.3.22.2 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): libomp7-devel-7.0.1-150100.3.22.2 libomp7-devel-debuginfo-7.0.1-150100.3.22.2 - openSUSE Leap 15.4 (noarch): llvm7-emacs-plugins-7.0.1-150100.3.22.2 llvm7-opt-viewer-7.0.1-150100.3.22.2 llvm7-vim-plugins-7.0.1-150100.3.22.2 - openSUSE Leap 15.4 (x86_64): clang7-devel-32bit-7.0.1-150100.3.22.2 libLLVM7-32bit-7.0.1-150100.3.22.2 libLLVM7-32bit-debuginfo-7.0.1-150100.3.22.2 libLTO7-32bit-7.0.1-150100.3.22.2 libLTO7-32bit-debuginfo-7.0.1-150100.3.22.2 libclang7-32bit-7.0.1-150100.3.22.2 libclang7-32bit-debuginfo-7.0.1-150100.3.22.2 liblldb7-7.0.1-150100.3.22.2 liblldb7-debuginfo-7.0.1-150100.3.22.2 lldb7-7.0.1-150100.3.22.2 lldb7-debuginfo-7.0.1-150100.3.22.2 lldb7-devel-7.0.1-150100.3.22.2 llvm7-LTO-devel-32bit-7.0.1-150100.3.22.2 llvm7-devel-32bit-7.0.1-150100.3.22.2 llvm7-devel-32bit-debuginfo-7.0.1-150100.3.22.2 python3-lldb7-7.0.1-150100.3.22.2 python3-lldb7-debuginfo-7.0.1-150100.3.22.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): clang7-7.0.1-150100.3.22.2 clang7-checker-7.0.1-150100.3.22.2 clang7-debuginfo-7.0.1-150100.3.22.2 clang7-devel-7.0.1-150100.3.22.2 libLLVM7-7.0.1-150100.3.22.2 libLLVM7-debuginfo-7.0.1-150100.3.22.2 libLTO7-7.0.1-150100.3.22.2 libLTO7-debuginfo-7.0.1-150100.3.22.2 libclang7-7.0.1-150100.3.22.2 libclang7-debuginfo-7.0.1-150100.3.22.2 lld7-7.0.1-150100.3.22.2 lld7-debuginfo-7.0.1-150100.3.22.2 llvm7-7.0.1-150100.3.22.2 llvm7-LTO-devel-7.0.1-150100.3.22.2 llvm7-debuginfo-7.0.1-150100.3.22.2 llvm7-debugsource-7.0.1-150100.3.22.2 llvm7-devel-7.0.1-150100.3.22.2 llvm7-devel-debuginfo-7.0.1-150100.3.22.2 llvm7-gold-7.0.1-150100.3.22.2 llvm7-gold-debuginfo-7.0.1-150100.3.22.2 llvm7-polly-7.0.1-150100.3.22.2 llvm7-polly-debuginfo-7.0.1-150100.3.22.2 llvm7-polly-devel-7.0.1-150100.3.22.2 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): libomp7-devel-7.0.1-150100.3.22.2 libomp7-devel-debuginfo-7.0.1-150100.3.22.2 - openSUSE Leap 15.3 (noarch): llvm7-emacs-plugins-7.0.1-150100.3.22.2 llvm7-opt-viewer-7.0.1-150100.3.22.2 llvm7-vim-plugins-7.0.1-150100.3.22.2 - openSUSE Leap 15.3 (x86_64): clang7-devel-32bit-7.0.1-150100.3.22.2 libLLVM7-32bit-7.0.1-150100.3.22.2 libLLVM7-32bit-debuginfo-7.0.1-150100.3.22.2 libLTO7-32bit-7.0.1-150100.3.22.2 libLTO7-32bit-debuginfo-7.0.1-150100.3.22.2 libclang7-32bit-7.0.1-150100.3.22.2 libclang7-32bit-debuginfo-7.0.1-150100.3.22.2 liblldb7-7.0.1-150100.3.22.2 liblldb7-debuginfo-7.0.1-150100.3.22.2 lldb7-7.0.1-150100.3.22.2 lldb7-debuginfo-7.0.1-150100.3.22.2 lldb7-devel-7.0.1-150100.3.22.2 llvm7-LTO-devel-32bit-7.0.1-150100.3.22.2 llvm7-devel-32bit-7.0.1-150100.3.22.2 llvm7-devel-32bit-debuginfo-7.0.1-150100.3.22.2 python3-lldb7-7.0.1-150100.3.22.2 python3-lldb7-debuginfo-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): liblldb7-7.0.1-150100.3.22.2 liblldb7-debuginfo-7.0.1-150100.3.22.2 llvm7-debuginfo-7.0.1-150100.3.22.2 llvm7-debugsource-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): liblldb7-7.0.1-150100.3.22.2 liblldb7-debuginfo-7.0.1-150100.3.22.2 llvm7-debuginfo-7.0.1-150100.3.22.2 llvm7-debugsource-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): clang7-checker-7.0.1-150100.3.22.2 llvm7-debuginfo-7.0.1-150100.3.22.2 llvm7-debugsource-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): clang7-checker-7.0.1-150100.3.22.2 llvm7-debuginfo-7.0.1-150100.3.22.2 llvm7-debugsource-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): clang7-7.0.1-150100.3.22.2 clang7-debuginfo-7.0.1-150100.3.22.2 clang7-devel-7.0.1-150100.3.22.2 libLLVM7-7.0.1-150100.3.22.2 libLLVM7-debuginfo-7.0.1-150100.3.22.2 libLTO7-7.0.1-150100.3.22.2 libLTO7-debuginfo-7.0.1-150100.3.22.2 libclang7-7.0.1-150100.3.22.2 libclang7-debuginfo-7.0.1-150100.3.22.2 llvm7-7.0.1-150100.3.22.2 llvm7-LTO-devel-7.0.1-150100.3.22.2 llvm7-debuginfo-7.0.1-150100.3.22.2 llvm7-debugsource-7.0.1-150100.3.22.2 llvm7-devel-7.0.1-150100.3.22.2 llvm7-devel-debuginfo-7.0.1-150100.3.22.2 llvm7-gold-7.0.1-150100.3.22.2 llvm7-gold-debuginfo-7.0.1-150100.3.22.2 llvm7-polly-7.0.1-150100.3.22.2 llvm7-polly-debuginfo-7.0.1-150100.3.22.2 llvm7-polly-devel-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (ppc64le x86_64): libomp7-devel-7.0.1-150100.3.22.2 libomp7-devel-debuginfo-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libLLVM7-32bit-7.0.1-150100.3.22.2 libLLVM7-32bit-debuginfo-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): clang7-7.0.1-150100.3.22.2 clang7-debuginfo-7.0.1-150100.3.22.2 clang7-devel-7.0.1-150100.3.22.2 libLLVM7-7.0.1-150100.3.22.2 libLLVM7-debuginfo-7.0.1-150100.3.22.2 libLTO7-7.0.1-150100.3.22.2 libLTO7-debuginfo-7.0.1-150100.3.22.2 libclang7-7.0.1-150100.3.22.2 libclang7-debuginfo-7.0.1-150100.3.22.2 llvm7-7.0.1-150100.3.22.2 llvm7-LTO-devel-7.0.1-150100.3.22.2 llvm7-debuginfo-7.0.1-150100.3.22.2 llvm7-debugsource-7.0.1-150100.3.22.2 llvm7-devel-7.0.1-150100.3.22.2 llvm7-devel-debuginfo-7.0.1-150100.3.22.2 llvm7-gold-7.0.1-150100.3.22.2 llvm7-gold-debuginfo-7.0.1-150100.3.22.2 llvm7-polly-7.0.1-150100.3.22.2 llvm7-polly-debuginfo-7.0.1-150100.3.22.2 llvm7-polly-devel-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le x86_64): libomp7-devel-7.0.1-150100.3.22.2 libomp7-devel-debuginfo-7.0.1-150100.3.22.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libLLVM7-32bit-7.0.1-150100.3.22.2 libLLVM7-32bit-debuginfo-7.0.1-150100.3.22.2 References: https://bugzilla.suse.com/1197775 From sle-updates at lists.suse.com Sat May 14 07:30:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 May 2022 09:30:36 +0200 (CEST) Subject: SUSE-CU-2022:983-1: Security update of suse/sles12sp3 Message-ID: <20220514073036.C5A2CF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:983-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.385 , suse/sles12sp3:latest Container Release : 24.385 Severity : important Type : security References : 1198446 CVE-2022-1304 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1652-1 Released: Thu May 12 17:14:55 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) The following package changes have been done: - libcom_err2-1.42.11-16.9.1 updated From sle-updates at lists.suse.com Sat May 14 07:55:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 May 2022 09:55:32 +0200 (CEST) Subject: SUSE-CU-2022:984-1: Recommended update of suse/sle15 Message-ID: <20220514075532.68725F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:984-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.615 Container Release : 6.2.615 Severity : important Type : recommended References : 1197771 1197794 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have been done: - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated From sle-updates at lists.suse.com Sat May 14 08:15:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 May 2022 10:15:21 +0200 (CEST) Subject: SUSE-CU-2022:985-1: Security update of suse/sle15 Message-ID: <20220514081521.E7C4DF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:985-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.135 Container Release : 9.5.135 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have been done: - libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated From sle-updates at lists.suse.com Sat May 14 08:39:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 May 2022 10:39:06 +0200 (CEST) Subject: SUSE-CU-2022:999-1: Security update of bci/bci-init Message-ID: <20220514083906.388BAF790@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:999-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.14.19 , bci/bci-init:latest Container Release : 14.19 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have been done: - libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.12 updated From sle-updates at lists.suse.com Sat May 14 08:42:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 May 2022 10:42:59 +0200 (CEST) Subject: SUSE-CU-2022:1000-1: Security update of bci/nodejs Message-ID: <20220514084259.A143FF7B4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1000-1 Container Tags : bci/node:12 , bci/node:12-16.19 , bci/nodejs:12 , bci/nodejs:12-16.19 Container Release : 16.19 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have been done: - libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.12 updated From sle-updates at lists.suse.com Sat May 14 08:46:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 May 2022 10:46:38 +0200 (CEST) Subject: SUSE-CU-2022:1001-1: Security update of bci/nodejs Message-ID: <20220514084638.855C0F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1001-1 Container Tags : bci/node:14 , bci/node:14-19.16 , bci/nodejs:14 , bci/nodejs:14-19.16 Container Release : 19.16 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have been done: - libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.12 updated From sle-updates at lists.suse.com Sat May 14 08:49:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 May 2022 10:49:30 +0200 (CEST) Subject: SUSE-CU-2022:1002-1: Security update of bci/nodejs Message-ID: <20220514084930.1F588F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1002-1 Container Tags : bci/node:16 , bci/node:16-7.18 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-7.18 , bci/nodejs:latest Container Release : 7.18 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have been done: - libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.12 updated From sle-updates at lists.suse.com Sat May 14 08:55:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 May 2022 10:55:55 +0200 (CEST) Subject: SUSE-CU-2022:1003-1: Security update of bci/openjdk-devel Message-ID: <20220514085555.72C26F790@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1003-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-17.37 , bci/openjdk-devel:latest Container Release : 17.37 Severity : important Type : security References : 1197771 1197794 1198068 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1660-1 Released: Fri May 13 15:42:21 2022 Summary: Recommended update for publicsuffix Type: recommended Severity: low References: 1198068 This update for publicsuffix fixes the following issue: - Update to version 20220405 (bsc#1198068) The following package changes have been done: - libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - publicsuffix-20220405-150000.3.9.1 updated - container:openjdk-11-image-15.3.0-17.19 updated From sle-updates at lists.suse.com Sat May 14 09:01:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 May 2022 11:01:48 +0200 (CEST) Subject: SUSE-CU-2022:1007-1: Security update of trento/trento-runner Message-ID: <20220514090148.3DAF8F7B4@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-runner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1007-1 Container Tags : trento/trento-runner:1.0.0 , trento/trento-runner:1.0.0-build4.8.1 , trento/trento-runner:latest Container Release : 4.8.1 Severity : important Type : security References : 1047218 1071995 1074971 1080978 1081495 1081495 1084533 1084842 1085785 1086185 1094680 1095817 1096008 1096677 1098017 1099119 1099192 1100504 1102522 1104821 1105000 1108038 1109412 1109413 1109414 1111996 1112534 1112535 1113247 1113252 1113255 1113313 1113978 1114209 1114209 1114592 1114832 1116827 1118644 1118830 1118831 1118897 1118897 1118898 1118898 1118899 1118899 1119634 1119706 1120640 1121034 1121035 1121056 1121397 1121967 1123013 1124644 1126826 1126829 1126831 1128376 1128746 1128794 1129389 1131264 1133131 1133232 1134068 1140126 1141190 1141897 1141913 1142649 1142649 1142772 1143609 1146475 1148517 1149145 1150164 1152590 1153768 1153770 1154016 1154025 1157755 1160086 1160254 1160590 1160590 1161913 1163333 1163744 1164903 1167939 1167939 1172608 1172798 1175132 1177047 1178577 1178614 1178624 1178675 1179036 1179341 1179898 1179899 1179900 1179901 1179902 1179903 1180451 1180454 1180461 1180713 1181452 1181618 1182252 1182345 1183043 1183511 1183909 1184519 1184620 1184794 1185348 1186642 1188941 1190589 1190649 1190649 1190649 1190649 1190649 1190649 1190649 1190649 1190649 1191468 1191473 1192267 1192377 1192378 1193597 1193598 1195628 1195834 1195835 1195838 1196107 1196732 1198062 1198237 1198423 1198424 1198922 CVE-2018-1000876 CVE-2018-16873 CVE-2018-16873 CVE-2018-16874 CVE-2018-16874 CVE-2018-16875 CVE-2018-16875 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7187 CVE-2018-7187 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 CVE-2019-12972 CVE-2019-14250 CVE-2019-14250 CVE-2019-14444 CVE-2019-15847 CVE-2019-17450 CVE-2019-17451 CVE-2019-5736 CVE-2019-6486 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 CVE-2020-13844 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-20294 CVE-2021-3487 CVE-2021-38297 CVE-2021-39293 CVE-2021-41771 CVE-2021-41772 CVE-2021-44716 CVE-2021-44717 CVE-2022-1271 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24675 CVE-2022-24921 CVE-2022-28327 ECO-368 SLE-6206 SLE-6738 ----------------------------------------------------------------- The container trento/trento-runner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1189-1 Released: Wed Jun 20 16:20:01 2018 Summary: Security update for go, go1.9 Type: security Severity: moderate References: 1081495,1085785,CVE-2018-7187 This update for go and go1.9 fixes the following issues: The following security issues have been addressed for both packages: - CVE-2018-7187: Fixed the validation of the import path in the go get command, which allowed for arbitrary command execution via VCS path when the -insecure flag is used (bsc#1081495) The following other changes have been made for go1.9: - Fixes to the go command and the crypto/x509 and strings packages, which add minimal support to the go command for the vgo transition. - Several fixes to the compiler and go command - Fixed various issues in go trace (bsc#1085785): - Ensure go binaries are not stripped (eg: go tools trace), this caused some of them to misbehave - Ensure go trace html template is shipped as part of the installation, otherwise the web UI won't work For details on any other changes see the Go milestones on the official issue tracker. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2798-1 Released: Wed Nov 28 07:48:35 2018 Summary: Recommended update for make Type: recommended Severity: moderate References: 1100504 This update for make fixes the following issues: - Use a non-blocking read with pselect to avoid hangs (bsc#1100504) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:3064-1 Released: Fri Dec 28 18:39:08 2018 Summary: Security update for containerd, docker and go Type: security Severity: important References: 1047218,1074971,1080978,1081495,1084533,1086185,1094680,1095817,1098017,1102522,1104821,1105000,1108038,1113313,1113978,1114209,1118897,1118898,1118899,1119634,1119706,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2018-7187 This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support on SLE12 (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem. go: - golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706) Additionally, the package go1.10 has been added. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:6-1 Released: Wed Jan 2 20:25:25 2019 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1099119,1099192 GCC 7 was updated to the GCC 7.4 release. - Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory. - Includes fix for build with ISL 0.20. - Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119] - Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192] - Fixes support for 32bit ASAN with glibc 2.27+ ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:905-1 Released: Mon Apr 8 16:48:02 2019 Summary: Recommended update for gcc Type: recommended Severity: moderate References: 1096008 This update for gcc fixes the following issues: - Fix gcc-PIE spec to properly honor -no-pie at link time. (bsc#1096008) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1105-1 Released: Tue Apr 30 12:10:58 2019 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1084842,1114592,1124644,1128794,1129389,1131264,SLE-6738 This update for gcc7 fixes the following issues: Update to gcc-7-branch head (r270528). - Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738) - Fix ICE compiling tensorflow on aarch64. (bsc#1129389) - Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794) - Fix for s390x FP load-and-test issue. (bsc#1124644) - Improve build reproducability by disabling address-space randomization during build. - Adjust gnat manual entries in the info directory. (bsc#1114592) - Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1234-1 Released: Tue May 14 18:31:52 2019 Summary: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Type: security Severity: important References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486 This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2702-1 Released: Wed Oct 16 18:41:30 2019 Summary: Security update for gcc7 Type: security Severity: moderate References: 1071995,1141897,1142649,1148517,1149145,CVE-2019-14250,CVE-2019-15847 This update for gcc7 to r275405 fixes the following issues: Security issues fixed: - CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649). - CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145). Non-security issue fixed: - Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2779-1 Released: Thu Oct 24 16:57:42 2019 Summary: Security update for binutils Type: security Severity: moderate References: 1109412,1109413,1109414,1111996,1112534,1112535,1113247,1113252,1113255,1116827,1118644,1118830,1118831,1120640,1121034,1121035,1121056,1133131,1133232,1141913,1142772,1152590,1154016,1154025,CVE-2018-1000876,CVE-2018-17358,CVE-2018-17359,CVE-2018-17360,CVE-2018-17985,CVE-2018-18309,CVE-2018-18483,CVE-2018-18484,CVE-2018-18605,CVE-2018-18606,CVE-2018-18607,CVE-2018-19931,CVE-2018-19932,CVE-2018-20623,CVE-2018-20651,CVE-2018-20671,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945,CVE-2019-1010180,ECO-368,SLE-6206 This update for binutils fixes the following issues: binutils was updated to current 2.32 branch [jsc#ECO-368]. Includes following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO build issues (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section - Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016). - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590). Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Fix broken debug symbols (bsc#1118644) - Handle ELF compressed header alignment correctly. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:10-1 Released: Thu Jan 2 12:35:06 2020 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1146475 This update for gcc7 fixes the following issues: - Fix miscompilation with thread-safe localstatic initialization (gcc#85887). - Fix debug info created for array definitions that complete an earlier declaration (bsc#1146475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:395-1 Released: Tue Feb 18 14:16:48 2020 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1160086 This update for gcc7 fixes the following issue: - Fixed a miscompilation in zSeries code (bsc#1160086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:453-1 Released: Tue Feb 25 10:51:53 2020 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1160590 This update for binutils fixes the following issues: - Recognize the official name of s390 arch13: 'z15'. (bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3060-1 Released: Wed Oct 28 08:09:21 2020 Summary: Security update for binutils Type: security Severity: moderate References: 1126826,1126829,1126831,1140126,1142649,1143609,1153768,1153770,1157755,1160254,1160590,1163333,1163744,CVE-2019-12972,CVE-2019-14250,CVE-2019-14444,CVE-2019-17450,CVE-2019-17451,CVE-2019-9074,CVE-2019-9075,CVE-2019-9077 This update for binutils fixes the following issues: binutils was updated to version 2.35. (jsc#ECO-2373) Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a 'lint' mode to enable extra checks of the files it is processing. * Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. - fix DT_NEEDED order with -flto [bsc#1163744] Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. - Add new subpackages for libctf and libctf-nobfd. - Disable LTO due to bsc#1163333. - Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078 - fix various build fails on aarch64 (PR25210, bsc#1157755). Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'. * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment = option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. - Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405 bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka CVE-2019-14250 aka PR90924 * Add xBPF target * Fix various problems with DWARF 5 support in gas * fix nm -B for objects compiled with -flto and -fcommon. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3640-1 Released: Mon Dec 7 13:24:41 2020 Summary: Recommended update for binutils Type: recommended Severity: important References: 1179036,1179341 This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3749-1 Released: Thu Dec 10 14:39:28 2020 Summary: Security update for gcc7 Type: security Severity: moderate References: 1150164,1161913,1167939,1172798,1178577,1178614,1178624,1178675,CVE-2020-13844 This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private ->aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:79-1 Released: Tue Jan 12 10:49:34 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1167939 This update for gcc7 fixes the following issues: - Amend the gcc7 aarch64 atomics for glibc namespace violation with getauxval. [bsc#1167939] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:596-1 Released: Thu Feb 25 10:26:30 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1181618 This update for gcc7 fixes the following issues: - Fixed webkit2gtk3 build (bsc#1181618) - Change GCC exception licenses to SPDX format - Remove include-fixed/pthread.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:598-1 Released: Thu Feb 25 10:30:23 2021 Summary: Recommended update for go Type: recommended Severity: moderate References: 1164903,1172608,1175132 This update for go fixes the following issues: Update to current stable go1.15 (bsc#1175132) * Ensure 'Provides: golang(API) = %{api_version}' is consistent to improve package resolution for common go dependency expressions 'BuildRequires: golang(API) >= 1.x' and BuildRequires: go >= 1.x OBS projects that contain go code often have prjconf entries 'Prefer: go' which selects go metapackage over go1.x packages. When go metapackage Provides: version is lower than go1.x versions, 'Prefer: go' is not effective and build failures occur with errors unresolvable: have choice for golang(API) >= 1.13: go1.13 go1.14 Edits and changelog Jeff Kowalczyk (bsc#1172608) * Unify '{version'} and '{short_version}' as '{api_version}' for 'Provides: golang(API) = %{api_version}' * Use both 'BuildRequires: go%{api_version}' and 'Requires: go%{api_version}' to trigger build errors if go1.x is unavailable * Add aarch64 to supported systems for go-race via %define tsan_arch x86_64 aarch64 * Add tsan_arch x86_64 aarch64 for suse_version >= 1500 and sle_version >= 150000, formerly conditional on suse_version >= 1315 * Ensure %ifarch %{tsan_arch} always evaluates (nil does not work) via dummy tsan_arch on systems where go-race is not supported Update to current stable go1.14 (bsc#1164903) * Remove redundant Provides: go-doc=%{version} per rpmlint warning - Change suse_version >= 1315 (was 1550) defines short_version 1.12 go1.12 packages are available for SLE-12. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:716-1 Released: Fri Mar 5 17:22:27 2021 Summary: Recommended update for go Type: recommended Severity: moderate References: 1182345 This update for go fixes the following issues: - Update to current stable go1.16 (bsc#1182345) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1291-1 Released: Wed Apr 21 14:04:06 2021 Summary: Recommended update for mpfr Type: recommended Severity: moderate References: 1141190 This update for mpfr fixes the following issues: - Fixed an issue when building for ppc64le (bsc#1141190) Technical library fixes: - A subtraction of two numbers of the same sign or addition of two numbers of different signs can be rounded incorrectly (and the ternary value can be incorrect) when one of the two inputs is reused as the output (destination) and all these MPFR numbers have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines). - The mpfr_fma and mpfr_fms functions can behave incorrectly in case of internal overflow or underflow. - The result of the mpfr_sqr function can be rounded incorrectly in a rare case near underflow when the destination has exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines) and the input has at most GMP_NUMB_BITS bits of precision. - The behavior and documentation of the mpfr_get_str function are inconsistent concerning the minimum precision (this is related to the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The get_str patch fixes this issue in the following way: the value 1 can now be provided for n (4th argument of mpfr_get_str); if n = 0, then the number of significant digits in the output string can now be 1, as already implied by the documentation (but the code was increasing it to 2). - The mpfr_cmp_q function can behave incorrectly when the rational (mpq_t) number has a null denominator. - The mpfr_inp_str and mpfr_out_str functions might behave incorrectly when the stream is a null pointer: the stream is replaced by stdin and stdout, respectively. This behavior is useless, not documented (thus incorrect in case a null pointer would have a special meaning), and not consistent with other input/output functions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1926-1 Released: Thu Jun 10 08:38:14 2021 Summary: Recommended update for gcc Type: recommended Severity: moderate References: 1096677 This update for gcc fixes the following issues: - Added gccgo symlink and go and gofmt as alternatives to support parallel installation of golang (bsc#1096677) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2993-1 Released: Thu Sep 9 14:31:33 2021 Summary: Recommended update for gcc Type: recommended Severity: moderate References: 1185348 This update for gcc fixes the following issues: - With gcc-PIE add -pie even when -fPIC is specified but we are not linking a shared library. [bsc#1185348] - Fix postun of gcc-go alternative. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3315-1 Released: Wed Oct 6 19:29:43 2021 Summary: Recommended update for go1.17 Type: recommended Severity: moderate References: 1190589,1190649,CVE-2021-39293 This update for go1.17 fixes the following issues: This is the initial go 1.17 shipment. go1.17.1 (released 2021-09-09) includes a security fix to the archive/zip package, as well as bug fixes to the compiler, linker, the go command, and to the crypto/rand, embed, go/types, html/template, and net/http packages. (bsc#1190649) CVE-2021-39293: Fixed an overflow in preallocation check that can cause OOM panic in archive/zip (bsc#1190589) go1.17 (released 2021-08-16) is a major release of Go. go1.17.x minor releases will be provided through August 2022. See https://github.com/golang/go/wiki/Go-Release-Cycle Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (bsc#1190649) * See release notes https://golang.org/doc/go1.17. Excerpts relevant to OBS environment and for SUSE/openSUSE follow: * The compiler now implements a new way of passing function arguments and results using registers instead of the stack. Benchmarks for a representative set of Go packages and programs show performance improvements of about 5%, and a typical reduction in binary size of about 2%. This is currently enabled for Linux, macOS, and Windows on the 64-bit x86 architecture (the linux/amd64, darwin/amd64, and windows/amd64 ports). This change does not affect the functionality of any safe Go code and is designed to have no impact on most assembly code. * When the linker uses external linking mode, which is the default when linking a program that uses cgo, and the linker is invoked with a -I option, the option will now be passed to the external linker as a -Wl,--dynamic-linker option. * The runtime/cgo package now provides a new facility that allows to turn any Go values to a safe representation that can be used to pass values between C and Go safely. See runtime/cgo.Handle for more information. * ARM64 Go programs now maintain stack frame pointers on the 64-bit ARM architecture on all operating systems. Previously, stack frame pointers were only enabled on Linux, macOS, and iOS. * Pruned module graphs in go 1.17 modules: If a module specifies go 1.17 or higher, the module graph includes only the immediate dependencies of other go 1.17 modules, not their full transitive dependencies. To convert the go.mod file for an existing module to Go 1.17 without changing the selected versions of its dependencies, run: go mod tidy -go=1.17 By default, go mod tidy verifies that the selected versions of dependencies relevant to the main module are the same versions that would be used by the prior Go release (Go 1.16 for a module that specifies go 1.17), and preserves the go.sum entries needed by that release even for dependencies that are not normally needed by other commands. The -compat flag allows that version to be overridden to support older (or only newer) versions, up to the version specified by the go directive in the go.mod file. To tidy a go 1.17 module for Go 1.17 only, without saving checksums for (or checking for consistency with) Go 1.16: go mod tidy -compat=1.17 Note that even if the main module is tidied with -compat=1.17, users who require the module from a go 1.16 or earlier module will still be able to use it, provided that the packages use only compatible language and library features. The go mod graph subcommand also supports the -go flag, which causes it to report the graph as seen by the indicated Go version, showing dependencies that may otherwise be pruned out. * Module deprecation comments: Module authors may deprecate a module by adding a // Deprecated: comment to go.mod, then tagging a new version. go get now prints a warning if a module needed to build packages named on the command line is deprecated. go list -m -u prints deprecations for all dependencies (use -f or -json to show the full message). The go command considers different major versions to be distinct modules, so this mechanism may be used, for example, to provide users with migration instructions for a new major version. * go get -insecure flag is deprecated and has been removed. To permit the use of insecure schemes when fetching dependencies, please use the GOINSECURE environment variable. The -insecure flag also bypassed module sum validation, use GOPRIVATE or GONOSUMDB if you need that functionality. See go help environment for details. * go get prints a deprecation warning when installing commands outside the main module (without the -d flag). go install cmd at version should be used instead to install a command at a specific version, using a suffix like @latest or @v1.2.3. In Go 1.18, the -d flag will always be enabled, and go get will only be used to change dependencies in go.mod. * go.mod files missing go directives: If the main module's go.mod file does not contain a go directive and the go command cannot update the go.mod file, the go command now assumes go 1.11 instead of the current release. (go mod init has added go directives automatically since Go 1.12.) If a module dependency lacks an explicit go.mod file, or its go.mod file does not contain a go directive, the go command now assumes go 1.16 for that dependency instead of the current release. (Dependencies developed in GOPATH mode may lack a go.mod file, and the vendor/modules.txt has to date never recorded the go versions indicated by dependencies' go.mod files.) * vendor contents: If the main module specifies go 1.17 or higher, go mod vendor now annotates vendor/modules.txt with the go version indicated by each vendored module in its own go.mod file. The annotated version is used when building the module's packages from vendored source code. If the main module specifies go 1.17 or higher, go mod vendor now omits go.mod and go.sum files for vendored dependencies, which can otherwise interfere with the ability of the go command to identify the correct module root when invoked within the vendor tree. * Password prompts: The go command by default now suppresses SSH password prompts and Git Credential Manager prompts when fetching Git repositories using SSH, as it already did previously for other Git password prompts. Users authenticating to private Git repos with password-protected SSH may configure an ssh-agent to enable the go command to use password-protected SSH keys. * go mod download: When go mod download is invoked without arguments, it will no longer save sums for downloaded module content to go.sum. It may still make changes to go.mod and go.sum needed to load the build list. This is the same as the behavior in Go 1.15. To save sums for all modules, use: go mod download all * The go command now understands //go:build lines and prefers them over // +build lines. The new syntax uses boolean expressions, just like Go, and should be less error-prone. As of this release, the new syntax is fully supported, and all Go files should be updated to have both forms with the same meaning. To aid in migration, gofmt now automatically synchronizes the two forms. For more details on the syntax and migration plan, see https://golang.org/design/draft-gobuild. * go run now accepts arguments with version suffixes (for example, go run example.com/cmd at v1.0.0). This causes go run to build and run packages in module-aware mode, ignoring the go.mod file in the current directory or any parent directory, if there is one. This is useful for running executables without installing them or without changing dependencies of the current module. * The format of stack traces from the runtime (printed when an uncaught panic occurs, or when runtime.Stack is called) is improved. * TLS strict ALPN: When Config.NextProtos is set, servers now enforce that there is an overlap between the configured protocols and the ALPN protocols advertised by the client, if any. If there is no mutually supported protocol, the connection is closed with the no_application_protocol alert, as required by RFC 7301. This helps mitigate the ALPACA cross-protocol attack. As an exception, when the value 'h2' is included in the server's Config.NextProtos, HTTP/1.1 clients will be allowed to connect as if they didn't support ALPN. See issue go#46310 for more information. * crypto/ed25519: The crypto/ed25519 package has been rewritten, and all operations are now approximately twice as fast on amd64 and arm64. The observable behavior has not otherwise changed. * crypto/elliptic: CurveParams methods now automatically invoke faster and safer dedicated implementations for known curves (P-224, P-256, and P-521) when available. Note that this is a best-effort approach and applications should avoid using the generic, not constant-time CurveParams methods and instead use dedicated Curve implementations such as P256. The P521 curve implementation has been rewritten using code generated by the fiat-crypto project, which is based on a formally-verified model of the arithmetic operations. It is now constant-time and three times faster on amd64 and arm64. The observable behavior has not otherwise changed. * crypto/tls: The new Conn.HandshakeContext method allows the user to control cancellation of an in-progress TLS handshake. The provided context is accessible from various callbacks through the new ClientHelloInfo.Context and CertificateRequestInfo.Context methods. Canceling the context after the handshake has finished has no effect. Cipher suite ordering is now handled entirely by the crypto/tls package. Currently, cipher suites are sorted based on their security, performance, and hardware support taking into account both the local and peer's hardware. The order of the Config.CipherSuites field is now ignored, as well as the Config.PreferServerCipherSuites field. Note that Config.CipherSuites still allows applications to choose what TLS 1.0???1.2 cipher suites to enable. The 3DES cipher suites have been moved to InsecureCipherSuites due to fundamental block size-related weakness. They are still enabled by default but only as a last resort, thanks to the cipher suite ordering change above. Beginning in the next release, Go 1.18, the Config.MinVersion for crypto/tls clients will default to TLS 1.2, disabling TLS 1.0 and TLS 1.1 by default. Applications will be able to override the change by explicitly setting Config.MinVersion. This will not affect crypto/tls servers. * crypto/x509: CreateCertificate now returns an error if the provided private key doesn't match the parent's public key, if any. The resulting certificate would have failed to verify. * crypto/x509: The temporary GODEBUG=x509ignoreCN=0 flag has been removed. * crypto/x509: ParseCertificate has been rewritten, and now consumes ~70% fewer resources. The observable behavior has not otherwise changed, except for error messages. * crypto/x509: Beginning in the next release, Go 1.18, crypto/x509 will reject certificates signed with the SHA-1 hash function. This doesn't apply to self-signed root certificates. Practical attacks against SHA-1 have been demonstrated in 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015. * go/build: The new Context.ToolTags field holds the build tags appropriate to the current Go toolchain configuration. * net/http package now uses the new (*tls.Conn).HandshakeContext with the Request context when performing TLS handshakes in the client or server. * syscall: On Unix-like systems, the process group of a child process is now set with signals blocked. This avoids sending a SIGTTOU to the child when the parent is in a background process group. * time: The new Time.IsDST method can be used to check whether the time is in Daylight Savings Time in its configured location. * time: The new Time.UnixMilli and Time.UnixMicro methods return the number of milliseconds and microseconds elapsed since January 1, 1970 UTC respectively. * time: The new UnixMilli and UnixMicro functions return the local Time corresponding to the given Unix time. - Add bash scripts used by go tool commands to provide a more complete cross-compiling go toolchain install. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3488-1 Released: Wed Oct 20 16:18:39 2021 Summary: Security update for go1.17 Type: security Severity: moderate References: 1190649,1191468,CVE-2021-38297 This update for go1.17 fixes the following issues: Update to go1.17.2 - CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3616-1 Released: Thu Nov 4 12:29:16 2021 Summary: Security update for binutils Type: security Severity: moderate References: 1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487 This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic. Update to binutils 2.36: New features in the Assembler: - General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. - X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. - ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script= command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=